mirror of
https://github.com/bitnami/charts.git
synced 2026-02-20 12:07:40 +08:00
[bitnami/appsmith] fix: 🔒 Move service-account token auto-mount to pod declaration (#22385)
* [bitnami/appsmith] fix: 🔒 Move service-account token auto-mount to pod declaration Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> * test: ✅ Update goss test to reflect new value Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> * test: ✅ Update goss test to reflect new value Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> --------- Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
committed by
GitHub
GitHub
parent
fed1a60819
commit
45978ff377
@@ -19,7 +19,7 @@ http:
|
||||
http://appsmith-rts:{{ .Vars.rts.service.ports.http }}/rts-api/v1/health-check:
|
||||
status: 200
|
||||
command:
|
||||
{{ if .Vars.serviceAccount.automountServiceAccountToken }}
|
||||
{{ if .Vars.client.automountServiceAccountToken }}
|
||||
check-sa:
|
||||
exec: cat /var/run/secrets/kubernetes.io/serviceaccount/token | cut -d '.' -f 2 | xargs -I '{}' echo '{}====' | fold -w 4 | sed '$ d' | tr -d '\n' | base64 -d
|
||||
exit-status: 0
|
||||
|
||||
@@ -8,13 +8,12 @@ rts:
|
||||
service:
|
||||
ports:
|
||||
http: 8085
|
||||
serviceAccount:
|
||||
automountServiceAccountToken: true
|
||||
client:
|
||||
service:
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
http: 80
|
||||
automountServiceAccountToken: true
|
||||
containerSecurityContext:
|
||||
runAsUser: 1002
|
||||
podSecurityContext:
|
||||
|
||||
@@ -134,6 +134,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `client.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `client.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `client.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `client.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
|
||||
| `client.hostAliases` | Appsmith client pods host aliases | `[]` |
|
||||
| `client.podLabels` | Extra labels for Appsmith client pods | `{}` |
|
||||
| `client.podAnnotations` | Annotations for Appsmith client pods | `{}` |
|
||||
@@ -254,6 +255,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `backend.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `backend.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `backend.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `backend.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
|
||||
| `backend.hostAliases` | Appsmith backend pods host aliases | `[]` |
|
||||
| `backend.podLabels` | Extra labels for Appsmith backend pods | `{}` |
|
||||
| `backend.podAnnotations` | Annotations for Appsmith backend pods | `{}` |
|
||||
@@ -367,6 +369,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `rts.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `rts.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `rts.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `rts.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
|
||||
| `rts.hostAliases` | Appsmith rts pods host aliases | `[]` |
|
||||
| `rts.podLabels` | Extra labels for Appsmith rts pods | `{}` |
|
||||
| `rts.podAnnotations` | Annotations for Appsmith rts pods | `{}` |
|
||||
|
||||
@@ -32,6 +32,7 @@ spec:
|
||||
spec:
|
||||
serviceAccountName: {{ template "appsmith.serviceAccountName" . }}
|
||||
{{- include "appsmith.imagePullSecrets" . | nindent 6 }}
|
||||
automountServiceAccountToken: {{ .Values.backend.automountServiceAccountToken }}
|
||||
{{- if .Values.backend.hostAliases }}
|
||||
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.backend.hostAliases "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -32,6 +32,7 @@ spec:
|
||||
spec:
|
||||
serviceAccountName: {{ template "appsmith.serviceAccountName" . }}
|
||||
{{- include "appsmith.imagePullSecrets" . | nindent 6 }}
|
||||
automountServiceAccountToken: {{ .Values.client.automountServiceAccountToken }}
|
||||
{{- if .Values.client.hostAliases }}
|
||||
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.client.hostAliases "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -32,6 +32,7 @@ spec:
|
||||
spec:
|
||||
serviceAccountName: {{ template "appsmith.serviceAccountName" . }}
|
||||
{{- include "appsmith.imagePullSecrets" . | nindent 6 }}
|
||||
automountServiceAccountToken: {{ .Values.rts.automountServiceAccountToken }}
|
||||
{{- if .Values.rts.hostAliases }}
|
||||
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.rts.hostAliases "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -212,6 +212,9 @@ client:
|
||||
## @param client.args Override default container args (useful when using custom images)
|
||||
##
|
||||
args: []
|
||||
## @param client.automountServiceAccountToken Mount Service Account token in pod
|
||||
##
|
||||
automountServiceAccountToken: false
|
||||
## @param client.hostAliases Appsmith client pods host aliases
|
||||
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
||||
##
|
||||
@@ -688,6 +691,9 @@ backend:
|
||||
## @param backend.args Override default container args (useful when using custom images)
|
||||
##
|
||||
args: []
|
||||
## @param backend.automountServiceAccountToken Mount Service Account token in pod
|
||||
##
|
||||
automountServiceAccountToken: false
|
||||
## @param backend.hostAliases Appsmith backend pods host aliases
|
||||
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
||||
##
|
||||
@@ -1083,6 +1089,9 @@ rts:
|
||||
## @param rts.args Override default container args (useful when using custom images)
|
||||
##
|
||||
args: []
|
||||
## @param rts.automountServiceAccountToken Mount Service Account token in pod
|
||||
##
|
||||
automountServiceAccountToken: false
|
||||
## @param rts.hostAliases Appsmith rts pods host aliases
|
||||
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
||||
##
|
||||
|
||||
Reference in New Issue
Block a user