✨(helm) add serviceAccountName parameter for services
Add support for specifying custom service accounts in all Kubernetes resources in our Helm charts to enable workload identity federation with managed cloud services (PostgreSQL, Redis, etc.). This allows deployments to authenticate to cloud resources without embedding credentials in secrets.
@@ -10,6 +10,7 @@ and this project adheres to
|
||||
|
||||
### Added
|
||||
|
||||
- ✨(helm) Service Account support for K8s Resources in Helm Charts #778
|
||||
- ✨(backend) allow masking documents from the list view #1171
|
||||
- ✨(frontend) subdocs can manage link reach #1190
|
||||
- ✨(frontend) add duplicate action to doc tree #1175
|
||||
|
||||
@@ -135,6 +135,7 @@
|
||||
| `backend.extraVolumeMounts` | Additional volumes to mount on the backend. | `[]` |
|
||||
| `backend.extraVolumes` | Additional volumes to mount on the backend. | `[]` |
|
||||
| `backend.pdb.enabled` | Enable pdb on backend | `true` |
|
||||
| `backend.serviceAccountName` | Optional service account name to use for backend pods | `nil` |
|
||||
| `backend.themeCustomization.enabled` | Enable theme customization | `false` |
|
||||
| `backend.themeCustomization.file_content` | Content of the theme customization file. Must be a json object. | `""` |
|
||||
| `backend.themeCustomization.mount_path` | Path where the customization file will be mounted in the backend deployment. | `/app/impress/configuration/theme` |
|
||||
@@ -198,6 +199,7 @@
|
||||
| `frontend.extraVolumeMounts` | Additional volumes to mount on the frontend. | `[]` |
|
||||
| `frontend.extraVolumes` | Additional volumes to mount on the frontend. | `[]` |
|
||||
| `frontend.pdb.enabled` | Enable pdb on frontend | `true` |
|
||||
| `frontend.serviceAccountName` | Optional service account name to use for frontend pods | `nil` |
|
||||
|
||||
### posthog
|
||||
|
||||
@@ -280,3 +282,4 @@
|
||||
| `yProvider.extraVolumeMounts` | Additional volumes to mount on the yProvider. | `[]` |
|
||||
| `yProvider.extraVolumes` | Additional volumes to mount on the yProvider. | `[]` |
|
||||
| `yProvider.pdb.enabled` | Enable pdb on yProvider | `true` |
|
||||
| `yProvider.serviceAccountName` | Optional service account name to use for yProvider pods | `nil` |
|
||||
|
||||
@@ -30,6 +30,9 @@ spec:
|
||||
imagePullSecrets:
|
||||
- name: {{ include "impress.secret.dockerconfigjson.name" (dict "fullname" (include "impress.fullname" .) "imageCredentials" $.Values.image.credentials) }}
|
||||
{{- end}}
|
||||
{{- if .Values.backend.serviceAccountName }}
|
||||
serviceAccountName: {{ .Values.backend.serviceAccountName }}
|
||||
{{- end }}
|
||||
shareProcessNamespace: {{ .Values.backend.shareProcessNamespace }}
|
||||
containers:
|
||||
{{- with .Values.backend.sidecars }}
|
||||
|
||||
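Review bot: The value on the added line `serviceAccountName: {{ .Values.backend.serviceAccountName }}` is rendered unquoted, so the YAML parser re-types it after templating. A name that looks like a number or a boolean would not decode as the string this field expects. Piping it through `quote` keeps it a string: `serviceAccountName: {{ .Values.backend.serviceAccountName | quote }}`. The same unquoted line appears in the five template hunks that follow (three more reading `backend`, one each for `frontend` and `yProvider`). The pod spec starts and ends outside this hunk.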
@@ -29,6 +29,9 @@ spec:
|
||||
imagePullSecrets:
|
||||
- name: {{ include "impress.secret.dockerconfigjson.name" (dict "fullname" (include "impress.fullname" .) "imageCredentials" $.Values.image.credentials) }}
|
||||
{{- end}}
|
||||
{{- if .Values.backend.serviceAccountName }}
|
||||
serviceAccountName: {{ .Values.backend.serviceAccountName }}
|
||||
{{- end }}
|
||||
shareProcessNamespace: {{ .Values.backend.shareProcessNamespace }}
|
||||
containers:
|
||||
{{- with .Values.backend.sidecars }}
|
||||
|
||||
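Review bot: This hunk reads `.Values.backend.serviceAccountName`, the same key as the hunk before it and the two after it, so every backend-scoped workload runs under one service account and, with workload identity federation, under one cloud identity. The file names are not visible on this page, but values.yaml has `backend.migrate` and `backend.createsuperuser`, so some of these templates are presumably one-shot jobs whose cloud permissions need not match those of the long-running pods. A per-workload override that falls back to the shared key would allow narrower identities without breaking existing values, for example with a new optional key: `serviceAccountName: {{ .Values.backend.migrate.serviceAccountName | default .Values.backend.serviceAccountName | quote }}`. The enclosing pod spec continues outside the hunk.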
@@ -29,6 +29,9 @@ spec:
|
||||
imagePullSecrets:
|
||||
- name: {{ include "impress.secret.dockerconfigjson.name" (dict "fullname" (include "impress.fullname" .) "imageCredentials" $.Values.image.credentials) }}
|
||||
{{- end}}
|
||||
{{- if .Values.backend.serviceAccountName }}
|
||||
serviceAccountName: {{ .Values.backend.serviceAccountName }}
|
||||
{{- end }}
|
||||
shareProcessNamespace: {{ .Values.backend.shareProcessNamespace }}
|
||||
containers:
|
||||
{{- with .Values.backend.sidecars }}
|
||||
|
||||
@@ -30,6 +30,9 @@ spec:
|
||||
imagePullSecrets:
|
||||
- name: {{ include "impress.secret.dockerconfigjson.name" (dict "fullname" (include "impress.fullname" .) "imageCredentials" $.Values.image.credentials) }}
|
||||
{{- end}}
|
||||
{{- if .Values.backend.serviceAccountName }}
|
||||
serviceAccountName: {{ .Values.backend.serviceAccountName }}
|
||||
{{- end }}
|
||||
shareProcessNamespace: {{ .Values.backend.shareProcessNamespace }}
|
||||
containers:
|
||||
{{- with .Values.backend.sidecars }}
|
||||
|
||||
@@ -30,6 +30,9 @@ spec:
|
||||
imagePullSecrets:
|
||||
- name: {{ include "impress.secret.dockerconfigjson.name" (dict "fullname" (include "impress.fullname" .) "imageCredentials" $.Values.image.credentials) }}
|
||||
{{- end}}
|
||||
{{- if .Values.frontend.serviceAccountName }}
|
||||
serviceAccountName: {{ .Values.frontend.serviceAccountName }}
|
||||
{{- end }}
|
||||
shareProcessNamespace: {{ .Values.frontend.shareProcessNamespace }}
|
||||
containers:
|
||||
{{- with .Values.frontend.sidecars }}
|
||||
|
||||
@@ -30,6 +30,9 @@ spec:
|
||||
imagePullSecrets:
|
||||
- name: {{ include "impress.secret.dockerconfigjson.name" (dict "fullname" (include "impress.fullname" .) "imageCredentials" $.Values.image.credentials) }}
|
||||
{{- end}}
|
||||
{{- if .Values.yProvider.serviceAccountName }}
|
||||
serviceAccountName: {{ .Values.yProvider.serviceAccountName }}
|
||||
{{- end }}
|
||||
shareProcessNamespace: {{ .Values.yProvider.shareProcessNamespace }}
|
||||
containers:
|
||||
{{- with .Values.yProvider.sidecars }}
|
||||
|
||||
@@ -236,8 +236,8 @@ backend:
|
||||
targetPort: 8000
|
||||
annotations: {}
|
||||
|
||||
## @param backend.migrate.command backend migrate command
|
||||
## @param backend.migrate.restartPolicy backend migrate job restart policy
|
||||
## @param backend.migrate.command backend migrate command
|
||||
## @param backend.migrate.restartPolicy backend migrate job restart policy
|
||||
migrate:
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -254,8 +254,8 @@ backend:
|
||||
python manage.py migrate --no-input
|
||||
restartPolicy: Never
|
||||
|
||||
## @param backend.createsuperuser.command backend migrate command
|
||||
## @param backend.createsuperuser.restartPolicy backend migrate job restart policy
|
||||
## @param backend.createsuperuser.command backend migrate command
|
||||
## @param backend.createsuperuser.restartPolicy backend migrate job restart policy
|
||||
createsuperuser:
|
||||
command:
|
||||
- "/bin/sh"
|
||||
@@ -282,7 +282,7 @@ backend:
|
||||
name: ""
|
||||
command: []
|
||||
restartPolicy: Never
|
||||
annotations:
|
||||
annotations:
|
||||
argocd.argoproj.io/hook: PostSync
|
||||
|
||||
# List of cronjob to add
|
||||
@@ -344,6 +344,9 @@ backend:
|
||||
pdb:
|
||||
enabled: true
|
||||
|
||||
## @param backend.serviceAccountName Optional service account name to use for backend pods
|
||||
serviceAccountName: null
|
||||
|
||||
## @param backend.themeCustomization.enabled Enable theme customization
|
||||
## @param backend.themeCustomization.file_content Content of the theme customization file. Must be a json object.
|
||||
## @param backend.themeCustomization.mount_path Path where the customization file will be mounted in the backend deployment.
|
||||
@@ -480,6 +483,9 @@ frontend:
|
||||
pdb:
|
||||
enabled: true
|
||||
|
||||
## @param frontend.serviceAccountName Optional service account name to use for frontend pods
|
||||
serviceAccountName: null
|
||||
|
||||
## @section posthog
|
||||
|
||||
posthog:
|
||||
@@ -652,3 +658,6 @@ yProvider:
|
||||
## @param yProvider.pdb.enabled Enable pdb on yProvider
|
||||
pdb:
|
||||
enabled: true
|
||||
|
||||
## @param yProvider.serviceAccountName Optional service account name to use for yProvider pods
|
||||
serviceAccountName: null
|
||||
|
||||
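Review bot: The three added `## @param … serviceAccountName` descriptions (backend, frontend, yProvider) do not say who creates the account or what happens when the value stays `null`. No ServiceAccount template appears among the hunks shown, so the account presumably has to exist in the release namespace, with any workload-identity annotation the cloud provider requires, before the release is installed. I would spell that out in each description, e.g. `## @param yProvider.serviceAccountName Name of an existing ServiceAccount for yProvider pods (not created by this chart); when null the namespace's default ServiceAccount is used`. The README parameter table carries the same wording and would need the matching update.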