Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-02-14 23:37:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/whereabouts] fix: 🔒 Move service-account token auto-mount to pod declaration (#22467)

Browse Source 
* [bitnami/whereabouts] fix: 🔒 Move service-account token auto-mount to pod declaration

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* test:  Update goss test to reflect new value

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

---------

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
2024-01-22 14:18:08 +01:00
committed by GitHub
parent e8a7097e9d
commit 9d9508be9a
6 changed files with 16 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.vib/whereabouts/goss/goss.yaml
View File

@@ -11,7 +11,7 @@ command:
# or the one randomly defined by openshift (larger values). Otherwise, the chart is still using the default value.
exec: if [ $(id -u) -lt {{ $uid }} ]; then exit 1; fi
exit-status: 0
{{ if .Vars.serviceAccount.automountServiceAccountToken }}
{{ if .Vars.automountServiceAccountToken }}
check-sa:
exec: cat /var/run/secrets/kubernetes.io/serviceaccount/token | cut -d '.' -f 2 | xargs -I '{}' echo '{}====' | fold -w 4 | sed '$ d' | tr -d '\n' | base64 -d
exit-status: 0

2
.vib/whereabouts/runtime-parameters.yaml
View File

@@ -2,7 +2,7 @@ hostCNIBinDir: /home/kubernetes/bin
CNIMountPath: /bitnami/whereabouts/host
serviceAccount:
create: true
automountServiceAccountToken: true
automountServiceAccountToken: true
containerSecurityContext:
enabled: true
runAsUser: 0

2
bitnami/whereabouts/Chart.yaml
View File

@@ -29,4 +29,4 @@ maintainers:
name: whereabouts
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/whereabouts
version: 0.7.2
version: 0.8.0

15
bitnami/whereabouts/README.md
View File

@@ -97,6 +97,7 @@ The command removes all the Kubernetes components associated with the chart and
| `priorityClassName` | Whereabouts pods' priorityClassName | `""` |
| `schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `automountServiceAccountToken` | Mount Service Account token in pod | `true` |
| `hostAliases` | Add deployment host aliases | `[]` |
| `extraEnvVars` | Extra environment variables | `[]` |
| `extraEnvVarsCM` | ConfigMap containing extra env vars | `""` |
@@ -153,13 +154,13 @@ The command removes all the Kubernetes components associated with the chart and
### Other Parameters
| Name | Description | Value |
| --------------------------------------------- | ---------------------------------------------------------------------- | ------ |
| `rbac.create` | Specifies whether RBAC resources should be created | `true` |
| `serviceAccount.create` | Enable creation of ServiceAccount for Whereabouts pod | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` |
| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
| Name | Description | Value |
| --------------------------------------------- | ---------------------------------------------------------------------- | ------- |
| `rbac.create` | Specifies whether RBAC resources should be created | `true` |
| `serviceAccount.create` | Enable creation of ServiceAccount for Whereabouts pod | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` |
| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,

1
bitnami/whereabouts/templates/daemonset.yaml
View File

@@ -54,6 +54,7 @@ spec:
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
{{- end }}
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- end }}

5
bitnami/whereabouts/values.yaml
View File

@@ -132,6 +132,9 @@ schedulerName: ""
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: true
## @param hostAliases [array] Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
@@ -332,7 +335,7 @@ serviceAccount:
## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
## Can be set to false if pods using this serviceAccount do not need to use K8s API
##
automountServiceAccountToken: true
automountServiceAccountToken: false
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
##
annotations: {}