
Commit 56f62f7

authored
feat(chart): merge additional datastore service accounts with required ones (#424)
1 parent cd4d884 commit 56f62f7


2 files changed

+10
-4
lines changed


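--- a/deploy/charts/burrito/templates/config.yaml
+++ b/deploy/charts/burrito/templates/config.yaml
@@ -22,10 +22,15 @@ Datastore Authorized Service Accounts
 {{- end }}
 {{- end }}
 {{- $controller := printf "%s/%s" .Release.Namespace "burrito-controllers" }}
-{{- $datastoreAuthorizedServiceAccounts = append $datastoreAuthorizedServiceAccounts $controller }}
+# check if the service account is already in the list, to prevent adding it multiple times if the config rerenders
+{{- if not (has $controller $config.datastore.serviceAccounts) }}
+{{- $datastoreAuthorizedServiceAccounts = append $datastoreAuthorizedServiceAccounts $controller }}
+{{- end }}
 {{- $server := printf "%s/%s" .Release.Namespace "burrito-server" }}
-{{- $datastoreAuthorizedServiceAccounts = append $datastoreAuthorizedServiceAccounts $server }}
-{{- $_ := set $config.datastore "serviceAccounts" $datastoreAuthorizedServiceAccounts }}
+{{- if not (has $server $config.datastore.serviceAccounts) }}
+{{- $datastoreAuthorizedServiceAccounts = append $datastoreAuthorizedServiceAccounts $server }}
+{{- end }}
+{{- $_ := set $config.datastore "serviceAccounts" (concat $datastoreAuthorizedServiceAccounts $config.datastore.serviceAccounts) }}
 
 {{/*
 TLS certificates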
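Review bot: The two `has` guards deduplicate only `burrito-controllers` and `burrito-server`; anything collected into `$datastoreAuthorizedServiceAccounts` before this hunk (the block starts outside it) is still concatenated onto `$config.datastore.serviceAccounts` unchecked, so the re-render case the new comment names would presumably still repeat those entries. Because this list is the allowlist for the datastore API, deduplicating the merged result once keeps it auditable and would make both guards unnecessary: `{{- $_ := set $config.datastore "serviceAccounts" (concat $datastoreAuthorizedServiceAccounts $config.datastore.serviceAccounts | uniq) }}`. `concat` may also fail to render if a user overrides `serviceAccounts` with null, so wrapping that operand as `(default (list) $config.datastore.serviceAccounts)` is worth considering. Separately, the `# check if …` line is plain template text rather than a template comment, so it is emitted into the rendered output; the file's other comments use the `{{/* … */}}` form.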

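--- a/deploy/charts/burrito/values.yaml
+++ b/deploy/charts/burrito/values.yaml
@@ -58,7 +58,7 @@ config:
 # -- Provider cache custom configuration
 hermitcrab: {}
 datastore:
-# -- Service account to use for datastore operations (e.g. reading/writing to storage)
+# -- Service accounts that are allowed to access the datastore API in namespace/name format (not the service account used by the datastore pods, check datastore.serviceAccount.metadata for that)
 serviceAccounts: []
 storage:
 # -- Use in-memory storage for testing - not intended for production use, data will be lost on datastore restart
@@ -369,6 +369,7 @@ datastore:
 labels:
 app.kubernetes.io/component: datastore
 app.kubernetes.io/name: burrito-datastore
+# -- Service account configuration for the Burrito datastore deployment. Use this to grant permission to the datastore to interact with external storage
 serviceAccount:
 metadata:
 annotations: {}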
