30 lines
1.3 KiB
YAML
30 lines
1.3 KiB
YAML
# this is a carbon copy of the regular serviceAccount object which is only used to run pre-deploy jobs
|
|
# upon first install of the chart. it will be deleted by Helm after the pre-deploy hooks run, then the
|
|
# regular serviceAccount is created with the same name and exists for the lifetime of the release.
|
|
{{- $proxy := mustMergeOverwrite (mustDeepCopy .Values) .Values.proxy -}}
|
|
{{- $projectedServiceAccountToken := semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }}
|
|
{{- if $proxy.validateConfigOnDeploy }}
|
|
{{- if $proxy.serviceAccount.create }}
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: {{ include "teleport-cluster.proxy.hookServiceAccountName" . }}
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
{{- include "teleport-cluster.proxy.labels" . | nindent 4 }}
|
|
{{- if $proxy.extraLabels.serviceAccount }}
|
|
{{- toYaml $proxy.extraLabels.serviceAccount | nindent 4 }}
|
|
{{- end }}
|
|
annotations:
|
|
"helm.sh/hook": pre-install,pre-upgrade
|
|
"helm.sh/hook-weight": "3"
|
|
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
|
{{- if $proxy.annotations.serviceAccount }}
|
|
{{- toYaml $proxy.annotations.serviceAccount | nindent 4 }}
|
|
{{- end -}}
|
|
{{- if $projectedServiceAccountToken }}
|
|
automountServiceAccountToken: false
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|