[bitnami/haproxy] fix: 🔒 Move service-account token auto-mount to pod declaration (#22410)

* [bitnami/haproxy] fix: 🔒 Move service-account token auto-mount to pod declaration

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* test: ✅ Update goss test to reflect new value

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

---------

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>

.vib/haproxy/goss/goss.yaml

@@ -9,7 +9,7 @@ command:
     # or the one randomly defined by openshift (larger values). Otherwise, the chart is still using the default value.
     exec: if [ $(id -u) -lt {{ $uid }} ] || [ $(id -G | awk '{print $2}') -lt {{ $gid }} ]; then exit 1; fi
     exit-status: 0
-  {{ if .Vars.serviceAccount.automountServiceAccountToken }}
+  {{ if .Vars.automountServiceAccountToken }}
   check-sa:
     exec: cat /var/run/secrets/kubernetes.io/serviceaccount/token | cut -d '.' -f 2 | xargs -I '{}' echo '{}====' | fold -w 4 | sed '$ d' | tr -d '\n' | base64 -d
     exit-status: 0

.vib/haproxy/runtime-parameters.yaml

@@ -23,7 +23,7 @@ containerSecurityContext:
   runAsUser: 1002
 serviceAccount:
   create: true
-  automountServiceAccountToken: true
+automountServiceAccountToken: true
 service:
   type: LoadBalancer
   ports:

bitnami/haproxy/Chart.yaml

@@ -28,4 +28,4 @@ maintainers:
 name: haproxy
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/haproxy
-version: 0.12.2
+version: 0.13.0

bitnami/haproxy/README.md

@@ -167,6 +167,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `autoscaling.targetMemory`                          | Target Memory utilization percentage                                                                    | `50`                      |
 | `command`                                           | Override default container command (useful when using custom images)                                    | `[]`                      |
 | `args`                                              | Override default container args (useful when using custom images)                                       | `[]`                      |
+| `automountServiceAccountToken`                      | Mount Service Account token in pod                                                                      | `false`                   |
 | `hostAliases`                                       | haproxy pods host aliases                                                                               | `[]`                      |
 | `podLabels`                                         | Extra labels for haproxy pods                                                                           | `{}`                      |
 | `podAnnotations`                                    | Annotations for haproxy pods                                                                            | `{}`                      |

bitnami/haproxy/templates/deployment.yaml

@@ -41,6 +41,7 @@ spec:
       {{- end }}
       serviceAccountName: {{ template "haproxy.serviceAccountName" . }}
       {{- include "haproxy.imagePullSecrets" . | nindent 6 }}
+      automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
       {{- if .Values.hostAliases }}
       hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
       {{- end }}

bitnami/haproxy/values.yaml

@@ -393,6 +393,9 @@ command: []
 ## @param args Override default container args (useful when using custom images)
 ##
 args: []
+## @param automountServiceAccountToken Mount Service Account token in pod
+##
+automountServiceAccountToken: false
 ## @param hostAliases haproxy pods host aliases
 ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
 ##