mirror of
https://github.com/bitnami/charts.git
synced 2026-02-26 15:57:38 +08:00
[bitnami/pinniped] fix: 🔒 Move service-account token auto-mount to pod declaration (#22449)
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> Signed-off-by: Miguel Ruiz <miruiz@vmware.com> Co-authored-by: Miguel Ruiz <miruiz@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
committed by
GitHub
GitHub
parent
72db09bfa2
commit
9113dbd8c3
@@ -27,4 +27,4 @@ maintainers:
|
||||
name: pinniped
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/pinniped
|
||||
version: 1.5.2
|
||||
version: 1.6.0
|
||||
|
||||
@@ -138,6 +138,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `concierge.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `concierge.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `concierge.deployAPIService` | Deploy the APIService objects | `true` |
|
||||
| `concierge.automountServiceAccountToken` | Mount Service Account token in pod | `true` |
|
||||
| `concierge.hostAliases` | Concierge pods host aliases | `[]` |
|
||||
| `concierge.podLabels` | Extra labels for Concierge pods | `{}` |
|
||||
| `concierge.podAnnotations` | Annotations for Concierge pods | `{}` |
|
||||
@@ -165,21 +166,21 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
|
||||
### Concierge RBAC settings
|
||||
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------------------------------------- | ----------------------------------------------------------------------------- | ------ |
|
||||
| `concierge.rbac.create` | Create Concierge RBAC objects | `true` |
|
||||
| `concierge.serviceAccount.concierge.name` | Name of an existing Service Account for the Concierge Deployment | `""` |
|
||||
| `concierge.serviceAccount.concierge.create` | Create a Service Account for the Concierge Deployment | `true` |
|
||||
| `concierge.serviceAccount.concierge.automountServiceAccountToken` | Auto mount token for the Concierge Deployment Service Account | `true` |
|
||||
| `concierge.serviceAccount.concierge.annotations` | Annotations for the Concierge Service Account | `{}` |
|
||||
| `concierge.serviceAccount.impersonationProxy.name` | Name of an existing Service Account for the Concierge Impersonator | `""` |
|
||||
| `concierge.serviceAccount.impersonationProxy.create` | Create a Service Account for the Concierge Impersonator | `true` |
|
||||
| `concierge.serviceAccount.impersonationProxy.automountServiceAccountToken` | Auto mount token for the Concierge Impersonator Service Account | `true` |
|
||||
| `concierge.serviceAccount.impersonationProxy.annotations` | Annotations for the Concierge Service Account | `{}` |
|
||||
| `concierge.serviceAccount.kubeCertAgentService.name` | Name of an existing Service Account for the Concierge kube-cert-agent-service | `""` |
|
||||
| `concierge.serviceAccount.kubeCertAgentService.create` | Create a Service Account for the Concierge kube-cert-agent-service | `true` |
|
||||
| `concierge.serviceAccount.kubeCertAgentService.automountServiceAccountToken` | Auto mount token for the Concierge kube-cert-agent-service Service Account | `true` |
|
||||
| `concierge.serviceAccount.kubeCertAgentService.annotations` | Annotations for the Concierge Service Account | `{}` |
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------------------------------------- | ----------------------------------------------------------------------------- | ------- |
|
||||
| `concierge.rbac.create` | Create Concierge RBAC objects | `true` |
|
||||
| `concierge.serviceAccount.concierge.name` | Name of an existing Service Account for the Concierge Deployment | `""` |
|
||||
| `concierge.serviceAccount.concierge.create` | Create a Service Account for the Concierge Deployment | `true` |
|
||||
| `concierge.serviceAccount.concierge.automountServiceAccountToken` | Auto mount token for the Concierge Deployment Service Account | `false` |
|
||||
| `concierge.serviceAccount.concierge.annotations` | Annotations for the Concierge Service Account | `{}` |
|
||||
| `concierge.serviceAccount.impersonationProxy.name` | Name of an existing Service Account for the Concierge Impersonator | `""` |
|
||||
| `concierge.serviceAccount.impersonationProxy.create` | Create a Service Account for the Concierge Impersonator | `true` |
|
||||
| `concierge.serviceAccount.impersonationProxy.automountServiceAccountToken` | Auto mount token for the Concierge Impersonator Service Account | `false` |
|
||||
| `concierge.serviceAccount.impersonationProxy.annotations` | Annotations for the Concierge Service Account | `{}` |
|
||||
| `concierge.serviceAccount.kubeCertAgentService.name` | Name of an existing Service Account for the Concierge kube-cert-agent-service | `""` |
|
||||
| `concierge.serviceAccount.kubeCertAgentService.create` | Create a Service Account for the Concierge kube-cert-agent-service | `true` |
|
||||
| `concierge.serviceAccount.kubeCertAgentService.automountServiceAccountToken` | Auto mount token for the Concierge kube-cert-agent-service Service Account | `false` |
|
||||
| `concierge.serviceAccount.kubeCertAgentService.annotations` | Annotations for the Concierge Service Account | `{}` |
|
||||
|
||||
### Concierge Traffic Exposure Parameters
|
||||
|
||||
@@ -247,6 +248,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `supervisor.existingConfigmap` | The name of an existing ConfigMap with your custom configuration for Supervisor | `""` |
|
||||
| `supervisor.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `supervisor.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `supervisor.automountServiceAccountToken` | Mount Service Account token in pod | `true` |
|
||||
| `supervisor.hostAliases` | Supervisor pods host aliases | `[]` |
|
||||
| `supervisor.podLabels` | Extra labels for Supervisor pods | `{}` |
|
||||
| `supervisor.podAnnotations` | Annotations for Supervisor pods | `{}` |
|
||||
@@ -274,13 +276,13 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
|
||||
### Supervisor RBAC settings
|
||||
|
||||
| Name | Description | Value |
|
||||
| -------------------------------------------------------- | ----------------------------------------------------------------- | ------ |
|
||||
| `supervisor.rbac.create` | Create Supervisor RBAC objects | `true` |
|
||||
| `supervisor.serviceAccount.name` | Name of an existing Service Account for the Supervisor Deployment | `""` |
|
||||
| `supervisor.serviceAccount.create` | Create a Service Account for the Supervisor Deployment | `true` |
|
||||
| `supervisor.serviceAccount.automountServiceAccountToken` | Auto mount token for the Supervisor Deployment Service Account | `true` |
|
||||
| `supervisor.serviceAccount.annotations` | Annotations for the Supervisor Service Account | `{}` |
|
||||
| Name | Description | Value |
|
||||
| -------------------------------------------------------- | ----------------------------------------------------------------- | ------- |
|
||||
| `supervisor.rbac.create` | Create Supervisor RBAC objects | `true` |
|
||||
| `supervisor.serviceAccount.name` | Name of an existing Service Account for the Supervisor Deployment | `""` |
|
||||
| `supervisor.serviceAccount.create` | Create a Service Account for the Supervisor Deployment | `true` |
|
||||
| `supervisor.serviceAccount.automountServiceAccountToken` | Auto mount token for the Supervisor Deployment Service Account | `false` |
|
||||
| `supervisor.serviceAccount.annotations` | Annotations for the Supervisor Service Account | `{}` |
|
||||
|
||||
### Supervisor Traffic Exposure Parameters
|
||||
|
||||
|
||||
@@ -36,6 +36,7 @@ spec:
|
||||
spec:
|
||||
serviceAccountName: {{ template "pinniped.concierge.serviceAccountName" . }}
|
||||
{{- include "pinniped.imagePullSecrets" . | nindent 6 }}
|
||||
automountServiceAccountToken: {{ .Values.concierge.automountServiceAccountToken }}
|
||||
{{- if .Values.concierge.hostAliases }}
|
||||
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.concierge.hostAliases "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -35,6 +35,7 @@ spec:
|
||||
spec:
|
||||
serviceAccountName: {{ template "pinniped.supervisor.serviceAccountName" . }}
|
||||
{{- include "pinniped.imagePullSecrets" . | nindent 6 }}
|
||||
automountServiceAccountToken: {{ .Values.supervisor.automountServiceAccountToken }}
|
||||
{{- if .Values.supervisor.hostAliases }}
|
||||
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.supervisor.hostAliases "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -266,6 +266,9 @@ concierge:
|
||||
## @param concierge.deployAPIService Deploy the APIService objects
|
||||
##
|
||||
deployAPIService: true
|
||||
## @param concierge.automountServiceAccountToken Mount Service Account token in pod
|
||||
##
|
||||
automountServiceAccountToken: true
|
||||
## @param concierge.hostAliases Concierge pods host aliases
|
||||
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
||||
##
|
||||
@@ -400,7 +403,7 @@ concierge:
|
||||
concierge:
|
||||
name: ""
|
||||
create: true
|
||||
automountServiceAccountToken: true
|
||||
automountServiceAccountToken: false
|
||||
annotations: {}
|
||||
## @param concierge.serviceAccount.impersonationProxy.name Name of an existing Service Account for the Concierge Impersonator
|
||||
## @param concierge.serviceAccount.impersonationProxy.create Create a Service Account for the Concierge Impersonator
|
||||
@@ -410,7 +413,7 @@ concierge:
|
||||
impersonationProxy:
|
||||
name: ""
|
||||
create: true
|
||||
automountServiceAccountToken: true
|
||||
automountServiceAccountToken: false
|
||||
annotations: {}
|
||||
## @param concierge.serviceAccount.kubeCertAgentService.name Name of an existing Service Account for the Concierge kube-cert-agent-service
|
||||
## @param concierge.serviceAccount.kubeCertAgentService.create Create a Service Account for the Concierge kube-cert-agent-service
|
||||
@@ -420,7 +423,7 @@ concierge:
|
||||
kubeCertAgentService:
|
||||
name: ""
|
||||
create: true
|
||||
automountServiceAccountToken: true
|
||||
automountServiceAccountToken: false
|
||||
annotations: {}
|
||||
|
||||
## @section Concierge Traffic Exposure Parameters
|
||||
@@ -618,6 +621,9 @@ supervisor:
|
||||
## @param supervisor.args Override default container args (useful when using custom images)
|
||||
##
|
||||
args: []
|
||||
## @param supervisor.automountServiceAccountToken Mount Service Account token in pod
|
||||
##
|
||||
automountServiceAccountToken: true
|
||||
## @param supervisor.hostAliases Supervisor pods host aliases
|
||||
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
||||
##
|
||||
@@ -751,7 +757,7 @@ supervisor:
|
||||
##
|
||||
name: ""
|
||||
create: true
|
||||
automountServiceAccountToken: true
|
||||
automountServiceAccountToken: false
|
||||
annotations: {}
|
||||
|
||||
## @section Supervisor Traffic Exposure Parameters
|
||||
|
||||
Reference in New Issue
Block a user