From 3596309a6d0cc39774b650c020f31bb41835c8c4 Mon Sep 17 00:00:00 2001 From: Ankit Mehta Date: Fri, 2 Apr 2021 05:21:38 -0400 Subject: [PATCH] Add serviceAccount to Kafka metrics deployment and add automountServiceAccountToken on SA (#5988) Signed-off-by: Ankit Mehta --- bitnami/kafka/Chart.yaml | 2 +- bitnami/kafka/README.md | 1 + bitnami/kafka/templates/kafka-metrics-deployment.yaml | 1 + bitnami/kafka/templates/serviceaccount.yaml | 1 + bitnami/kafka/values.yaml | 3 +++ 5 files changed, 7 insertions(+), 1 deletion(-) diff --git a/bitnami/kafka/Chart.yaml b/bitnami/kafka/Chart.yaml index 08e91f31f5..cb1078461f 100644 --- a/bitnami/kafka/Chart.yaml +++ b/bitnami/kafka/Chart.yaml @@ -29,4 +29,4 @@ name: kafka sources: - https://github.com/bitnami/bitnami-docker-kafka - https://kafka.apache.org/ -version: 12.15.1 +version: 12.16.0 diff --git a/bitnami/kafka/README.md b/bitnami/kafka/README.md index e8fc269840..d2e2202cb4 100644 --- a/bitnami/kafka/README.md +++ b/bitnami/kafka/README.md @@ -225,6 +225,7 @@ The following tables lists the configurable parameters of the Kafka chart and th |-------------------------|------------------------------------------------------------------------------------------------|---------------------------------------------------------| | `serviceAccount.create` | Enable creation of ServiceAccount for Kafka pods | `true` | | `serviceAccount.name` | The name of the service account to use. If not set and `create` is `true`, a name is generated | Generated using the `kafka.serviceAccountName` template | + `serviceAccount.automountServiceAccountToken` | Enable/Disable automountServiceAccountToken for Service Account | `true` | | `rbac.create` | Whether to create & use RBAC resources or not | `false` | ### Volume Permissions parameters diff --git a/bitnami/kafka/templates/kafka-metrics-deployment.yaml b/bitnami/kafka/templates/kafka-metrics-deployment.yaml index 6734172bd5..c5dc9447f8 100644 --- a/bitnami/kafka/templates/kafka-metrics-deployment.yaml +++ b/bitnami/kafka/templates/kafka-metrics-deployment.yaml @@ -30,6 +30,7 @@ spec: {{- if .Values.metrics.kafka.schedulerName }} schedulerName: {{ .Values.metrics.kafka.schedulerName | quote }} {{- end }} + serviceAccountName: {{ template "kafka.serviceAccountName" . }} containers: - name: kafka-exporter image: {{ include "kafka.metrics.kafka.image" . }} diff --git a/bitnami/kafka/templates/serviceaccount.yaml b/bitnami/kafka/templates/serviceaccount.yaml index 54d694c4c3..14dc4faeb5 100644 --- a/bitnami/kafka/templates/serviceaccount.yaml +++ b/bitnami/kafka/templates/serviceaccount.yaml @@ -11,4 +11,5 @@ metadata: {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} {{- end }} diff --git a/bitnami/kafka/values.yaml b/bitnami/kafka/values.yaml index 22855b5e3c..b17b20fd4f 100644 --- a/bitnami/kafka/values.yaml +++ b/bitnami/kafka/values.yaml @@ -832,6 +832,9 @@ serviceAccount: ## If not set and create is true, a name is generated using the kafka.serviceAccountName template ## # name: + # Allows auto mount of ServiceAccountToken on the serviceAccount created + # Can be set to false if pods using this serviceAccount do not need to use K8s API + automountServiceAccountToken: true ## Role Based Access ## ref: https://kubernetes.io/docs/admin/authorization/rbac/