27 lines
1004 B
YAML
27 lines
1004 B
YAML
{{- $auth := mustMergeOverwrite (mustDeepCopy .Values) .Values.auth -}}
|
|
{{- $projectedServiceAccountToken := semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }}
|
|
{{- if $auth.serviceAccount.create -}}
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: {{ template "teleport-cluster.auth.serviceAccountName" . }}
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
{{- include "teleport-cluster.auth.labels" . | nindent 4 }}
|
|
{{- if $auth.extraLabels.serviceAccount }}
|
|
{{- toYaml $auth.extraLabels.serviceAccount | nindent 4 }}
|
|
{{- end }}
|
|
{{- if or $auth.annotations.serviceAccount $auth.azure.clientID }}
|
|
annotations:
|
|
{{- if $auth.annotations.serviceAccount }}
|
|
{{- toYaml $auth.annotations.serviceAccount | nindent 4 }}
|
|
{{- end }}
|
|
{{- if $auth.azure.clientID }}
|
|
azure.workload.identity/client-id: "{{ $auth.azure.clientID }}"
|
|
{{- end }}
|
|
{{- end -}}
|
|
{{- if $projectedServiceAccountToken }}
|
|
automountServiceAccountToken: false
|
|
{{- end }}
|
|
{{- end }}
|