Merge pull request #877 from kassarl/support-existing-service-accounts

feat: add helm support for existing Service Accounts
kubernetes-sigs · Jun 13, 2021 · d24456c · d24456c
2 parents 09391f7 + 5686939
commit d24456c
Show file tree

Hide file tree

Showing 13 changed files with 27 additions and 25 deletions.
diff --git a/charts/README.md b/charts/README.md
@@ -66,10 +66,13 @@ The following table lists the configurable parameters of the latest Azure Disk C
 | `image.nodeDriverRegistrar.tag`                   | csi-node-driver-registrar docker image tag                 | v2.2.0                                                       |
 | `image.nodeDriverRegistrar.pullPolicy`            | csi-node-driver-registrar image pull policy                | IfNotPresent                                                 |
 | `imagePullSecrets`                                | Specify docker-registry secret names as an array           | [] (does not add image pull secrets to deployed pods)        |                                       |
-| `serviceAccount.create`                           | whether create service account of csi-azuredisk-controller | true                                                         |
+| `serviceAccount.create`                           | whether create service account of csi-azuredisk-controller, csi-azuredisk-node, and snapshot-controller| true                                                    |
+| `serviceAccount.controller`                       | name of service account for csi-azuredisk-controller       | csi-azuredisk-controller-sa                                  |
+| `serviceAccount.node`                             | name of service account for csi-azuredisk-node             | csi-azuredisk-node-sa                                        |
+| `serviceAccount.snapshotController`               | name of service account for csi-snapshot-controller        | csi-snapshot-controller-sa                                   |
 | `rbac.create`                                     | whether create rbac of csi-azuredisk-controller            | true                                                         |
 | `controller.replicas`                             | the replicas of csi-azuredisk-controller                   | 2                                                            |
-| `controller.metricsPort`                          | metrics port of csi-azuredisk-controller                   |29604                                                        |
+| `controller.metricsPort`                          | metrics port of csi-azuredisk-controller                   | 29604                                                        |
 | `controller.runOnMaster`                          | run csi-azuredisk-controller on master node                | false                                                        |
 | `controller.logLevel`                             | controller driver log level                                                          |`5`                                                           |
 | `node.metricsPort`                                | metrics port of csi-azuredisk-node                         |29605                                                        |
@@ -82,8 +85,6 @@ The following table lists the configurable parameters of the latest Azure Disk C
 | `snapshot.image.csiSnapshotController.tag`        | snapshot-controller docker image tag                       | v3.0.3                                                      |
 | `snapshot.image.csiSnapshotController.pullPolicy` | snapshot-controller image pull policy                      | IfNotPresent                                                 |
 | `snapshot.snapshotController.replicas`            | the replicas of snapshot-controller                        | 1                                                            |
-| `snapshot.snapshotController.serviceAccount`      | whether create service account of snapshot-controller      | true                                                         |
-| `snapshot.snapshotController.rbac`                | whether create rbac of snapshot-controller                 | true                                                         |
 | `linux.enabled`                                   | whether enable linux feature                               | true                                                         |
 | `linux.kubelet`                                   | configure kubelet directory path on Linux agent node                  | `/var/lib/kubelet`                                                |
 | `linux.distro`                                   | configure ssl certificates for different Linux distribution(available values: `debian`, `fedora`)                  | `debian`                                                |

diff --git a/charts/latest/azuredisk-csi-driver-v1.4.0.tgz b/charts/latest/azuredisk-csi-driver-v1.4.0.tgz
diff --git a/charts/latest/azuredisk-csi-driver/templates/csi-azuredisk-controller.yaml b/charts/latest/azuredisk-csi-driver/templates/csi-azuredisk-controller.yaml
@@ -19,7 +19,7 @@ spec:
 {{ toYaml .Values.imagePullSecrets | indent 8 }}
       {{- end }}
       hostNetwork: true
-      serviceAccountName: csi-azuredisk-controller-sa
+      serviceAccountName: {{ .Values.serviceAccount.controller }}
       nodeSelector:
         kubernetes.io/os: linux
         {{- if .Values.controller.runOnMaster}}

diff --git a/charts/latest/azuredisk-csi-driver/templates/csi-azuredisk-node-windows.yaml b/charts/latest/azuredisk-csi-driver/templates/csi-azuredisk-node-windows.yaml
@@ -14,7 +14,7 @@ spec:
 {{ include "azuredisk.labels" . | indent 6 }}
         app: csi-azuredisk-node-win
     spec:
-      serviceAccountName: csi-azuredisk-node-sa
+      serviceAccountName: {{ .Values.serviceAccount.node }}
       tolerations:
         - key: "node.kubernetes.io/os"
           operator: "Exists"

diff --git a/charts/latest/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml b/charts/latest/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml
@@ -20,7 +20,7 @@ spec:
       {{- end }}
       hostNetwork: true
       dnsPolicy: ClusterFirstWithHostNet
-      serviceAccountName: csi-azuredisk-node-sa
+      serviceAccountName: {{ .Values.serviceAccount.node }}
       nodeSelector:
         kubernetes.io/os: linux
       affinity:

diff --git a/charts/latest/azuredisk-csi-driver/templates/csi-snapshot-controller.yaml b/charts/latest/azuredisk-csi-driver/templates/csi-snapshot-controller.yaml
@@ -15,7 +15,7 @@ spec:
 {{ include "azuredisk.labels" . | indent 6 }}
         app: csi-snapshot-controller
     spec:
-      serviceAccountName: csi-snapshot-controller-sa
+      serviceAccountName: {{ .Values.serviceAccount.snapshotController }}
       nodeSelector:
         kubernetes.io/os: linux
       priorityClassName: system-cluster-critical

diff --git a/charts/latest/azuredisk-csi-driver/templates/rbac-csi-azuredisk-controller.yaml b/charts/latest/azuredisk-csi-driver/templates/rbac-csi-azuredisk-controller.yaml
@@ -42,7 +42,7 @@ metadata:
 {{ include "azuredisk.labels" . | indent 2 }}
 subjects:
   - kind: ServiceAccount
-    name: csi-azuredisk-controller-sa
+    name: {{ .Values.serviceAccount.controller }}
     namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
@@ -84,7 +84,7 @@ metadata:
 {{ include "azuredisk.labels" . | indent 2 }}
 subjects:
   - kind: ServiceAccount
-    name: csi-azuredisk-controller-sa
+    name: {{ .Values.serviceAccount.controller }}
     namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
@@ -129,7 +129,7 @@ metadata:
 {{ include "azuredisk.labels" . | indent 2 }}
 subjects:
   - kind: ServiceAccount
-    name: csi-azuredisk-controller-sa
+    name: {{ .Values.serviceAccount.controller }}
     namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
@@ -169,7 +169,7 @@ metadata:
 {{ include "azuredisk.labels" . | indent 2 }}
 subjects:
   - kind: ServiceAccount
-    name: csi-azuredisk-controller-sa
+    name: {{ .Values.serviceAccount.controller }}
     namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
@@ -193,7 +193,7 @@ metadata:
   name: csi-azuredisk-controller-secret-binding
 subjects:
   - kind: ServiceAccount
-    name: csi-azuredisk-controller-sa
+    name: {{ .Values.serviceAccount.controller }}
     namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole

diff --git a/charts/latest/azuredisk-csi-driver/templates/rbac-csi-azuredisk-node.yaml b/charts/latest/azuredisk-csi-driver/templates/rbac-csi-azuredisk-node.yaml
@@ -16,7 +16,7 @@ metadata:
   name: csi-azuredisk-node-secret-binding
 subjects:
   - kind: ServiceAccount
-    name: csi-azuredisk-node-sa
+    name: {{ .Values.serviceAccount.node }}
     namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole

diff --git a/charts/latest/azuredisk-csi-driver/templates/rbac-csi-snapshot-controller.yaml b/charts/latest/azuredisk-csi-driver/templates/rbac-csi-snapshot-controller.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.snapshot.enabled .Values.snapshot.snapshotController.rbac -}}
+{{- if and .Values.snapshot.enabled .Values.rbac.create -}}
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -36,7 +36,7 @@ metadata:
   name: csi-snapshot-controller-binding
 subjects:
   - kind: ServiceAccount
-    name: csi-snapshot-controller-sa
+    name: {{ .Values.serviceAccount.snapshotController }}
     namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
@@ -60,7 +60,7 @@ metadata:
   name: csi-snapshot-controller-leaderelection-binding
 subjects:
   - kind: ServiceAccount
-    name: csi-snapshot-controller-sa
+    name: {{ .Values.serviceAccount.snapshotController }}
     namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole

diff --git a/charts/latest/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-controller.yaml b/charts/latest/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-controller.yaml
@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: csi-azuredisk-controller-sa
+  name: {{ .Values.serviceAccount.controller }}
   namespace: {{ .Release.Namespace }}
 {{ include "azuredisk.labels" . | indent 2 }}
 {{- end -}}
diff --git a/charts/latest/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-node.yaml b/charts/latest/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-node.yaml
@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: csi-azuredisk-node-sa
+  name: {{ .Values.serviceAccount.node }}
   namespace: {{ .Release.Namespace }}
 {{ include "azuredisk.labels" . | indent 2 }}
 {{- end -}}
diff --git a/charts/latest/azuredisk-csi-driver/templates/serviceaccount-csi-snapshot-controller.yaml b/charts/latest/azuredisk-csi-driver/templates/serviceaccount-csi-snapshot-controller.yaml
@@ -1,7 +1,7 @@
-{{- if and .Values.snapshot.enabled .Values.snapshot.snapshotController.serviceAccount -}}
+{{- if and .Values.snapshot.enabled .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: csi-snapshot-controller-sa
+  name: {{ .Values.serviceAccount.snapshotController }}
   namespace: {{ .Release.Namespace }}
 {{- end -}}
diff --git a/charts/latest/azuredisk-csi-driver/values.yaml b/charts/latest/azuredisk-csi-driver/values.yaml
@@ -25,11 +25,14 @@ image:
     pullPolicy: IfNotPresent
 
 serviceAccount:
-  create: true
+  create: true # When true, service accounts will be created for you. Set to false if you want to use your own.
+  controller: csi-azuredisk-controller-sa # Name of Service Account to be created or used
+  node: csi-azuredisk-node-sa # Name of Service Account to be created or used
+  snapshotController: csi-snapshot-controller-sa # Name of Service Account to be created or used
 
 rbac:
   create: true
-
+  
 controller:
   replicas: 2
   metricsPort: 29604
@@ -59,8 +62,6 @@ snapshot:
       pullPolicy: IfNotPresent
   snapshotController:
     replicas: 1
-    serviceAccount: true
-    rbac: true
 
 feature:
   enableFSGroupPolicy: false