1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2025-03-13 20:30:03 +00:00

Merge pull request #782 from mac-chaffee/add-worker-sa

Add ServiceAccount for nfd-worker
This commit is contained in:
Kubernetes Prow Robot 2022-02-28 23:43:46 -08:00 committed by GitHub
commit 9059b5dbec
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 42 additions and 6 deletions

View file

@ -52,9 +52,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/*
Create the name of the service account to use
Create the name of the service account which the nfd master will use
*/}}
{{- define "node-feature-discovery.serviceAccountName" -}}
{{- define "node-feature-discovery.master.serviceAccountName" -}}
{{- if .Values.master.serviceAccount.create -}}
{{ default (include "node-feature-discovery.fullname" .) .Values.master.serviceAccount.name }}
{{- else -}}
@ -62,6 +62,17 @@ Create the name of the service account to use
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account which the nfd worker will use
*/}}
{{- define "node-feature-discovery.worker.serviceAccountName" -}}
{{- if .Values.worker.serviceAccount.create -}}
{{ default (printf "%s-worker" (include "node-feature-discovery.fullname" .)) .Values.worker.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.worker.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account which topologyUpdater will use
*/}}

View file

@ -11,7 +11,7 @@ roleRef:
name: {{ include "node-feature-discovery.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "node-feature-discovery.serviceAccountName" . }}
name: {{ include "node-feature-discovery.master.serviceAccountName" . }}
namespace: {{ $.Release.Namespace }}
{{- end }}

View file

@ -23,7 +23,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "node-feature-discovery.serviceAccountName" . }}
serviceAccountName: {{ include "node-feature-discovery.master.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.master.podSecurityContext | nindent 8 }}
containers:

View file

@ -2,7 +2,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "node-feature-discovery.serviceAccountName" . }}
name: {{ include "node-feature-discovery.master.serviceAccountName" . }}
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
{{- with .Values.master.serviceAccount.annotations }}
@ -12,7 +12,7 @@ metadata:
{{- end }}
---
{{- if .Values.topologyUpdater.serviceAccount.create -}}
{{- if .Values.topologyUpdater.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
@ -24,3 +24,17 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.worker.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "node-feature-discovery.worker.serviceAccountName" . }}
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
{{- with .Values.worker.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

View file

@ -23,6 +23,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "node-feature-discovery.worker.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.worker.podSecurityContext | nindent 8 }}
containers:

View file

@ -326,6 +326,16 @@ worker:
runAsNonRoot: true
# runAsUser: 1000
serviceAccount:
# Specifies whether a service account should be created.
# We create this by default to make it easier for downstream users to apply PodSecurityPolicies.
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
# Allow users to mount the hostPath /usr/src, useful for RHCOS on s390x
# Does not work on systems without /usr/src AND a read-only /usr, such as Talos
mountUsrSrc: false