diff --git a/charts/authentik/templates/server/deployment.yaml b/charts/authentik/templates/server/deployment.yaml
index ebaff20..861bb47 100644
--- a/charts/authentik/templates/server/deployment.yaml
+++ b/charts/authentik/templates/server/deployment.yaml
@@ -38,13 +38,21 @@ spec:
 {{- end }}
 {{- end }}
 spec:
+ {{- if .Values.server.serviceAccount.create }}
+ {{- if .Values.server.serviceAccount.name }}
+ serviceAccountName: {{ .Values.server.serviceAccount.name }}
+ {{- else }}
+ serviceAccountName: {{ template "authentik.server.fullname" . }}
+ {{- end }}
+ {{- else }}
 {{- with .Values.server.imagePullSecrets | default .Values.global.imagePullSecrets }}
 imagePullSecrets:
 {{- toYaml . | nindent 8 }}
- {{- end }}
+ {{- end }}
 {{- with .Values.server.serviceAccountName }}
 serviceAccountName: {{ . }}
 {{- end }}
+ {{- end }}
 {{- with .Values.global.hostAliases }}
 hostAliases:
 {{- toYaml . | nindent 8 }}
diff --git a/charts/authentik/templates/server/serviceaccount.yaml b/charts/authentik/templates/server/serviceaccount.yaml
new file mode 100644
index 0000000..28381b7
--- /dev/null
+++ b/charts/authentik/templates/server/serviceaccount.yaml
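Review bot: The explicit `server.serviceAccountName` override now sits inside the `{{- else }}` branch of the server deployment, so it is ignored whenever `server.serviceAccount.create` is true, and the values.yaml hunk makes true the default. A release that pinned the server pods to an operator-managed account (for example one bound to specific RBAC or a cloud role) would silently move to the chart-generated account on upgrade. Either give the explicit name precedence or stop the render when both are set, e.g. `{{- if and .Values.server.serviceAccount.create .Values.server.serviceAccountName }}{{ fail "set either server.serviceAccount.create or server.serviceAccountName, not both" }}{{- end }}`. The same branch also takes the pod-level `imagePullSecrets` out of the create=true path, leaving them to the ServiceAccount alone; the worker deployment hunk has the same structure. The pod spec continues outside the hunk.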
@@ -0,0 +1,27 @@
+{{- if .Values.server.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ {{- if .Values.server.serviceAccount.name }}
+ name: {{ .Values.server.serviceAccount.name }}
+ {{- else }}
+ name: {{ template "authentik.server.fullname" . }}
+ {{- end }}
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "authentik.labels" (dict "context" . "component" .Values.worker.name) | nindent 4 }}
+ {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.worker.podLabels) }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if .Values.server.serviceAccount.labels }}
+ {{- toYaml .Values.server.serviceAccount.labels | nindent 4 }}
+ {{- end }}
+ {{- if .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{ toYaml .Values.serviceAccount.annotations | indent 4 }}
+ {{- end }}
+{{- with .Values.server.imagePullSecrets | default .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/authentik/templates/worker/deployment.yaml b/charts/authentik/templates/worker/deployment.yaml
index 3a41c23..9a7ec02 100644
--- a/charts/authentik/templates/worker/deployment.yaml
+++ b/charts/authentik/templates/worker/deployment.yaml
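Review bot: The annotations block in server/serviceaccount.yaml is guarded by `.Values.server.serviceAccount.annotations` but renders `.Values.serviceAccount.annotations`, a different values path, so annotations set for the server account (typically where workload-identity bindings live) are not the ones that reach the object. The rendered line should read `{{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}`, which also matches the `nindent` form used for the labels. The labels above it take their component and pod labels from `.Values.worker.name` and `.Values.worker.podLabels`, which looks like a copy from the worker template; `.Values.server.name` and `.Values.server.podLabels` are presumably intended. worker/serviceaccount.yaml has the same annotations path mismatch.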
@@ -38,15 +38,19 @@ spec:
 {{- end }}
 {{- end }}
 spec:
+ {{- if .Values.worker.serviceAccount.create }}
+ {{- if .Values.worker.serviceAccount.name }}
+ serviceAccountName: {{ .Values.worker.serviceAccount.name }}
+ {{- else }}
+ serviceAccountName: {{ template "authentik.server.fullname" . }}
+ {{- end }}
+ {{- else }}
 {{- with .Values.worker.imagePullSecrets | default .Values.global.imagePullSecrets }}
 imagePullSecrets:
 {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.worker.serviceAccountName }}
+ {{- end }}
+ {{- with .Values.server.serviceAccountName }}
 serviceAccountName: {{ . }}
- {{- else }}
- {{- if .Values.serviceAccount.create }}
- serviceAccountName: {{ include "authentik-remote-cluster.fullname" .Subcharts.serviceAccount }}
 {{- end }}
 {{- end }}
 {{- with .Values.global.hostAliases }}
diff --git a/charts/authentik/templates/worker/serviceaccount.yaml b/charts/authentik/templates/worker/serviceaccount.yaml
new file mode 100644
index 0000000..8c19466
--- /dev/null
+++ b/charts/authentik/templates/worker/serviceaccount.yaml
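Review bot: Two names in the worker pod spec point at the server: the fallback `serviceAccountName: {{ template "authentik.server.fullname" . }}` and the `{{- with .Values.server.serviceAccountName }}` that replaces the removed `.Values.worker.serviceAccountName`. As written the worker pods run under the server's account name, and worker/serviceaccount.yaml names its object with the same `authentik.server.fullname` template, so with default values both templates would render a ServiceAccount of the same name in one namespace. Sharing one identity also means any RBAC granted for the worker's needs is held by the server pods too. Use a worker-specific name (for example an `authentik.worker.fullname` helper, if the chart defines one) and `{{- with .Values.worker.serviceAccountName }}`. The removed lines show the worker previously defaulting to the `authentik-remote-cluster` subchart account, so it is worth confirming that the new default account receives whatever role bindings that subchart provided.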
@@ -0,0 +1,27 @@
+{{- if .Values.worker.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ {{- if .Values.worker.serviceAccount.name }}
+ name: {{ .Values.worker.serviceAccount.name }}
+ {{- else }}
+ name: {{ template "authentik.server.fullname" . }}
+ {{- end }}
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "authentik.labels" (dict "context" . "component" .Values.worker.name) | nindent 4 }}
+ {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.worker.podLabels) }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if .Values.worker.serviceAccount.labels }}
+ {{- toYaml .Values.worker.serviceAccount.labels | nindent 4 }}
+ {{- end }}
+ {{- if .Values.worker.serviceAccount.annotations }}
+ annotations:
+ {{ toYaml .Values.serviceAccount.annotations | indent 4 }}
+ {{- end }}
+{{- with .Values.worker.imagePullSecrets | default .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/authentik/values.yaml b/charts/authentik/values.yaml
index 960730c..e930355 100644
--- a/charts/authentik/values.yaml
+++ b/charts/authentik/values.yaml
@@ -378,9 +378,15 @@ server: # -- Alternative DNS policy for authentik server pods dnsPolicy: "" - # -- serviceAccount to use for authentik server pods + # -- serviceAccount to use for authentik server pods used when serviceAccount.create is false serviceAccountName: ~ - + serviceAccount: + create: true + # -- serviceAccount name if not provided will be generated using the fullname template + name: + labels: {} + annotations: {} + # -- authentik server pod-level security context # @default -- `{}` (See [values.yaml]) securityContext: {} 
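Review bot: In the values.yaml `server:` hunk, `serviceAccount.create: true` changes the default identity of the server pods and the new block does not say so: `create`, `labels` and `annotations` carry no `# --` doc comment, and `name:` is a bare empty value that parses as null. A suggested comment above `create` is `# -- Create a dedicated ServiceAccount for authentik server pods; when true, serviceAccountName is ignored`, with `name: ""` as the explicit empty default. If the server does not call the Kubernetes API, an `automountServiceAccountToken` setting for the account would be worth exposing here as well; whether it does cannot be confirmed from this diff.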
@@ -757,8 +763,14 @@ worker: # -- Alternative DNS policy for authentik worker pods dnsPolicy: "" - # -- serviceAccount to use for authentik worker pods. If set, overrides the value used when serviceAccount.create is true + # -- serviceAccount to use for authentik server pods used when serviceAccount.create is false serviceAccountName: ~ + serviceAccount: + create: true + # -- serviceAccount name if not provided will be generated using the fullname template + name: + labels: {} + annotations: {} # -- authentik worker pod-level security context # @default -- `{}` (See [values.yaml])
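Review bot: The rewritten comment on `worker.serviceAccountName` says "authentik server pods", copied from the server section, and it drops the earlier sentence about which setting wins. Proposed wording: `# -- serviceAccount to use for authentik worker pods; only used when worker.serviceAccount.create is false`. The new `worker.serviceAccount` block has the same undocumented `create`, `labels` and `annotations` keys and the same bare `name:` as the server block.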