Add curity.admin.serviceAccount.name configuration setting

curityio · Sep 23, 2024 · 71c8a37 · 71c8a37
1 parent d3b379c
commit 71c8a37
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 5 deletions.
diff --git a/idsvr/Chart.yaml b/idsvr/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 name: idsvr
-version: 0.12.29
+version: 0.12.30
 appVersion: 9.5.0
 description: A Helm chart for Curity Identity Server
 keywords:

diff --git a/idsvr/README.md b/idsvr/README.md
@@ -70,6 +70,7 @@ In the table below you can find information about the parameters that are config
 | `curity.admin.service.port` | The admin configuration port | `6789` |
 | `curity.admin.service.annotations` | Extra annotations to add to the admin service | `{}` |
 | `curity.admin.extraEnv` | Extra environment variables to provide to the admin container | `[]` |
+| `curity.admin.serviceAccount.name`| The name of an existing service account to use on the admin nodes. Defaults to `default` if not specified. <sup>[4](#f4)</sup> | `null` |
 | `curity.admin.initContainers` | Definition of initContainers for the admin service | `[]` |
 | `curity.admin.extraVolumes` | Extra volumes to add to the admin pod | `[]` |
 | `curity.admin.extraVolumeMounts` | Extra volumes to mount in the admin container | `[]` |
@@ -191,6 +192,8 @@ paths:
 
 <b id="f3">3</b> The `unattendedinstall` script runs by default on the admin node if an admin `PASSWORD` is set, either by the value or some other environment variable. The installer creates default keys and enables the Admin UI so this configuration option shall be used if that config is either not necessary or loaded in some other way (i.e using `curity.config.configuration` or embedded in the docker image used).
 
+<b id="f4">5</b> If `curity.config.backup` is enabled, the assigned service account must have access to update secrets.
+
 ## Examples
 
 ### Quickstart

diff --git a/idsvr/templates/_helpers.tpl b/idsvr/templates/_helpers.tpl
@@ -50,4 +50,14 @@ Creates the name of the service account used by the runtime nodes.
 */}}
 {{- define "curity.runtime.serviceAccountName" -}}
   {{ default "default" .Values.curity.runtime.serviceAccount.name }}
-{{- end -}}
+{{- end -}}
+
+{{- define "curity.admin.serviceAccountName" -}}
+{{- if .Values.curity.admin.serviceAccount.name -}}
+{{.Values.curity.admin.serviceAccount.name}}
+{{- else if .Values.curity.config.backup -}}
+{{ include "curity.fullname" . }}-service-account
+{{- else -}}
+default
+{{- end -}}
+{{- end }}
diff --git a/idsvr/templates/deployment-admin.yaml b/idsvr/templates/deployment-admin.yaml
@@ -277,9 +277,7 @@ spec:
         {{- if .Values.curity.admin.extraVolumes }}
               {{- .Values.curity.admin.extraVolumes | toYaml | nindent 8 }}
         {{- end }}
-      {{- if .Values.curity.config.backup }}
-      serviceAccountName: {{ include "curity.fullname" . }}-service-account
-      {{- end }}
+      serviceAccountName: {{ template "curity.admin.serviceAccountName" . }}
       {{- with .Values.curity.admin.initContainers }}
       initContainers:
             {{- toYaml . | nindent 8 }}

diff --git a/idsvr/values.yaml b/idsvr/values.yaml
@@ -38,6 +38,8 @@ curity:
       type: ClusterIP
       port: 6789
       annotations: {}
+    serviceAccount:
+      name:
     livenessProbe:
       path: /
       timeoutSeconds: 1