From 810a060b0fd0aa342deeba03c515348742f7c2c5 Mon Sep 17 00:00:00 2001 From: tczekajlo Date: Fri, 6 Nov 2020 09:25:22 +0100 Subject: [PATCH] Make the automountServiceAccountToken parameter configurable --- charts/rasa-x/Chart.yaml | 2 +- .../db-migration-service-deployment.yaml | 2 +- .../rasa-x/templates/duckling-deployment.yaml | 2 +- .../templates/event-service-deployment.yaml | 2 +- charts/rasa-x/templates/nginx-deployment.yaml | 2 +- charts/rasa-x/templates/rasa-deployments.yaml | 2 +- .../rasa-x/templates/rasa-x-deployment.yaml | 2 +- charts/rasa-x/values.yaml | 30 +++++++++++++++++++ 8 files changed, 37 insertions(+), 7 deletions(-) diff --git a/charts/rasa-x/Chart.yaml b/charts/rasa-x/Chart.yaml index f5de43b9..7090f4c8 100644 --- a/charts/rasa-x/Chart.yaml +++ b/charts/rasa-x/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v2 -version: "1.7.3" +version: "1.7.4" appVersion: "0.33.0" name: rasa-x diff --git a/charts/rasa-x/templates/db-migration-service-deployment.yaml b/charts/rasa-x/templates/db-migration-service-deployment.yaml index aaa615a6..8ba8686e 100644 --- a/charts/rasa-x/templates/db-migration-service-deployment.yaml +++ b/charts/rasa-x/templates/db-migration-service-deployment.yaml @@ -19,7 +19,7 @@ spec: {{- include "rasa-x.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: db-migration-service spec: - automountServiceAccountToken: false + automountServiceAccountToken: {{ .Values.dbMigrationService.automountServiceAccountToken }} {{ include "rasa-x.spec" . }} {{- if .Values.dbMigrationService.nodeSelector }} nodeSelector: diff --git a/charts/rasa-x/templates/duckling-deployment.yaml b/charts/rasa-x/templates/duckling-deployment.yaml index 8b51dbcb..fbbcbb9e 100644 --- a/charts/rasa-x/templates/duckling-deployment.yaml +++ b/charts/rasa-x/templates/duckling-deployment.yaml @@ -19,7 +19,7 @@ spec: {{- include "rasa-x.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: duckling spec: - automountServiceAccountToken: false + automountServiceAccountToken: {{ .Values.duckling.automountServiceAccountToken }} {{ include "rasa-x.spec" . }} {{- if .Values.duckling.nodeSelector }} nodeSelector: diff --git a/charts/rasa-x/templates/event-service-deployment.yaml b/charts/rasa-x/templates/event-service-deployment.yaml index 238d3475..176abae6 100644 --- a/charts/rasa-x/templates/event-service-deployment.yaml +++ b/charts/rasa-x/templates/event-service-deployment.yaml @@ -19,7 +19,7 @@ spec: {{- include "rasa-x.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: event-service spec: - automountServiceAccountToken: false + automountServiceAccountToken: {{ .Values.eventService.automountServiceAccountToken }} {{ include "rasa-x.spec" . }} {{- if .Values.eventService.nodeSelector }} nodeSelector: diff --git a/charts/rasa-x/templates/nginx-deployment.yaml b/charts/rasa-x/templates/nginx-deployment.yaml index c9c22515..6110cc5a 100644 --- a/charts/rasa-x/templates/nginx-deployment.yaml +++ b/charts/rasa-x/templates/nginx-deployment.yaml @@ -19,7 +19,7 @@ spec: {{- include "rasa-x.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: nginx spec: - automountServiceAccountToken: false + automountServiceAccountToken: {{ .Values.nginx.automountServiceAccountToken }} {{ include "rasa-x.spec" . }} {{- if .Values.nginx.nodeSelector }} nodeSelector: diff --git a/charts/rasa-x/templates/rasa-deployments.yaml b/charts/rasa-x/templates/rasa-deployments.yaml index 684bd4de..6bc21137 100644 --- a/charts/rasa-x/templates/rasa-deployments.yaml +++ b/charts/rasa-x/templates/rasa-deployments.yaml @@ -24,7 +24,7 @@ spec: checksum/rasa-config: {{ include (print $.Template.BasePath "/rasa-config-files-configmap.yaml") $ | sha256sum }} checksum/rasa-secret: {{ include (print $.Template.BasePath "/rasa-secret.yaml") $ | sha256sum }} spec: - automountServiceAccountToken: false + automountServiceAccountToken: {{ $.Values.rasa.automountServiceAccountToken }} {{ include "rasa-x.spec" $ }} {{- if $.Values.rasa.nodeSelector }} nodeSelector: diff --git a/charts/rasa-x/templates/rasa-x-deployment.yaml b/charts/rasa-x/templates/rasa-x-deployment.yaml index 370829b0..06b1d0ca 100644 --- a/charts/rasa-x/templates/rasa-x-deployment.yaml +++ b/charts/rasa-x/templates/rasa-x-deployment.yaml @@ -24,7 +24,7 @@ spec: checksum/rasa-x-config: {{ include (print $.Template.BasePath "/rasa-x-config-files-configmap.yaml") . | sha256sum }} checksum/rasa-secret: {{ include (print $.Template.BasePath "/rasa-secret.yaml") . | sha256sum }} spec: - automountServiceAccountToken: false + automountServiceAccountToken: {{ .Values.rasax.automountServiceAccountToken }} {{ include "rasa-x.spec" . }} {{- if .Values.rasax.nodeSelector }} nodeSelector: diff --git a/charts/rasa-x/values.yaml b/charts/rasa-x/values.yaml index b721ee36..8ad1b738 100644 --- a/charts/rasa-x/values.yaml +++ b/charts/rasa-x/values.yaml @@ -79,6 +79,11 @@ rasax: nodeSelector: {} # "beta.kubernetes.io/instance-type": "g3.8xlarge" + # automountServiceAccountToken specifies whether the Kubernetes service account + # credentials should be automatically mounted into the pods. See more about it in + # https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server + automountServiceAccountToken: false + # rasa: Settings common for all Rasa containers rasa: # version is the Rasa Open Source version which should be used. @@ -148,6 +153,11 @@ rasa: nodeSelector: {} # "beta.kubernetes.io/instance-type": "g3.8xlarge" + # automountServiceAccountToken specifies whether the Kubernetes service account + # credentials should be automatically mounted into the pods. See more about it in + # https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server + automountServiceAccountToken: false + # versions of the Rasa container which are running versions: # rasaProduction is the container which serves the production environment @@ -246,6 +256,11 @@ dbMigrationService: # - name: tmpdir # emptyDir: {} + # automountServiceAccountToken specifies whether the Kubernetes service account + # credentials should be automatically mounted into the pods. See more about it in + # https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server + automountServiceAccountToken: false + # event-service specific settings eventService: # override the default command to run in the container @@ -291,6 +306,11 @@ eventService: # - name: tmpdir # emptyDir: {} + # automountServiceAccountToken specifies whether the Kubernetes service account + # credentials should be automatically mounted into the pods. See more about it in + # https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server + automountServiceAccountToken: false + # app (custom action server) specific settings app: # override the default command to run in the container @@ -406,6 +426,11 @@ nginx: # - name: tmpdir # emptyDir: {} + # automountServiceAccountToken specifies whether the Kubernetes service account + # credentials should be automatically mounted into the pods. See more about it in + # https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server + automountServiceAccountToken: false + # Duckling specific settings duckling: # override the default command to run in the container @@ -437,6 +462,11 @@ duckling: # resources which duckling is required / allowed to use resources: {} + # automountServiceAccountToken specifies whether the Kubernetes service account + # credentials should be automatically mounted into the pods. See more about it in + # https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server + automountServiceAccountToken: false + # rasaSecret object which supplies passwords, tokens, etc. See # https://rasa.com/docs/rasa-x/openshift-kubernetes/#providing-access-credentials-using-an-external-secret # to see which values are required in the secret in case you want to provide your own.