Deployments should respect serviceAccount.autmount value in Helm chart (

#568) * automountServiceAccountToken should use value specified in Helm chart Signed-off-by: Vidar Anima Normann <[email protected]> * Fix typo in documentation maount->mount Signed-off-by: Vidar Anima Normann <[email protected]> * Add automountServiceAccountToken that matches Values in deployments for ui, kyverno-plugin and trivy-plugin Signed-off-by: Vidar Anima Normann <[email protected]> * Correct improper reference to automount-attribute for kyverno and trivy plugins Signed-off-by: Vidar Anima Normann <[email protected]> --------- Signed-off-by: Vidar Anima Normann <[email protected]> Co-authored-by: Vidar Anima Normann <[email protected]>
kyverno · Nov 13, 2024 · 525fa79 · 525fa79
1 parent 613c454
commit 525fa79
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 10 deletions.
diff --git a/charts/policy-reporter/README.md b/charts/policy-reporter/README.md
@@ -59,7 +59,7 @@ Open `http://localhost:8082/` in your browser.
 | annotations | object | `{}` | Key/value pairs that are attached to all resources. |
 | rbac.enabled | bool | `true` | Create RBAC resources |
 | serviceAccount.create | bool | `true` | Create ServiceAccount |
-| serviceAccount.automount | bool | `true` | Enable ServiceAccount automaount |
+| serviceAccount.automount | bool | `true` | Enable ServiceAccount automount |
 | serviceAccount.annotations | object | `{}` | Annotations for the ServiceAccount |
 | serviceAccount.name | string | `""` | The ServiceAccount name |
 | service.enabled | bool | `true` | Create Service |
@@ -371,7 +371,7 @@ Open `http://localhost:8082/` in your browser.
 | ui.clusters | list | `[]` | Connected Policy Reporter APIs |
 | ui.imagePullSecrets | list | `[]` | Image pull secrets for image verification policies, this will define the `--imagePullSecrets` argument |
 | ui.serviceAccount.create | bool | `true` | Create ServiceAccount |
-| ui.serviceAccount.automount | bool | `true` | Enable ServiceAccount automaount |
+| ui.serviceAccount.automount | bool | `true` | Enable ServiceAccount automount |
 | ui.serviceAccount.annotations | object | `{}` | Annotations for the ServiceAccount |
 | ui.serviceAccount.name | string | `""` | The ServiceAccount name |
 | ui.extraManifests | list | `[]` | list of extra manifests |
@@ -431,7 +431,7 @@ Open `http://localhost:8082/` in your browser.
 | plugin.kyverno.blockReports.policyReport.annotations | list | `[]` | Annotations for all created (Cluster)PolicyReports |
 | plugin.kyverno.imagePullSecrets | list | `[]` | Image pull secrets for image verification policies, this will define the `--imagePullSecrets` argument |
 | plugin.kyverno.serviceAccount.create | bool | `true` | Create ServiceAccount |
-| plugin.kyverno.serviceAccount.automount | bool | `true` | Enable ServiceAccount automaount |
+| plugin.kyverno.serviceAccount.automount | bool | `true` | Enable ServiceAccount automount |
 | plugin.kyverno.serviceAccount.annotations | object | `{}` | Annotations for the ServiceAccount |
 | plugin.kyverno.serviceAccount.name | string | `""` | The ServiceAccount name |
 | plugin.kyverno.podAnnotations | object | `{}` | Additional annotations to add to each pod |
@@ -488,7 +488,7 @@ Open `http://localhost:8082/` in your browser.
 | plugin.trivy.policyReporter.secretRef | string | `""` | Secret to read the API configuration from supports `host`, `certificate`, `skipTLS`, `username`, `password` key |
 | plugin.trivy.imagePullSecrets | list | `[]` | Image pull secrets for image verification policies, this will define the `--imagePullSecrets` argument |
 | plugin.trivy.serviceAccount.create | bool | `true` | Create ServiceAccount |
-| plugin.trivy.serviceAccount.automount | bool | `true` | Enable ServiceAccount automaount |
+| plugin.trivy.serviceAccount.automount | bool | `true` | Enable ServiceAccount automount |
 | plugin.trivy.serviceAccount.annotations | object | `{}` | Annotations for the ServiceAccount |
 | plugin.trivy.serviceAccount.name | string | `""` | The ServiceAccount name |
 | plugin.trivy.podAnnotations | object | `{}` | Additional annotations to add to each pod |

diff --git a/charts/policy-reporter/templates/deployment.yaml b/charts/policy-reporter/templates/deployment.yaml
@@ -47,7 +47,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ include "policyreporter.serviceAccountName" . }}
-      automountServiceAccountToken: true
+      automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
       {{- if .Values.podSecurityContext }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}

diff --git a/charts/policy-reporter/templates/plugins/kyverno/deployment.yaml b/charts/policy-reporter/templates/plugins/kyverno/deployment.yaml
@@ -34,6 +34,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ include "kyverno-plugin.serviceAccountName" . }}
+      automountServiceAccountToken: {{ .Values.plugin.kyverno.serviceAccount.automount }}
       {{- if .Values.plugin.kyverno.podSecurityContext }}
       securityContext:
         {{- toYaml .Values.plugin.kyverno.podSecurityContext | nindent 8 }}

diff --git a/charts/policy-reporter/templates/plugins/trivy/deployment.yaml b/charts/policy-reporter/templates/plugins/trivy/deployment.yaml
@@ -34,6 +34,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ include "trivy-plugin.serviceAccountName" . }}
+      automountServiceAccountToken: {{ .Values.plugin.trivy.serviceAccount.automount }}
       {{- if .Values.plugin.trivy.podSecurityContext }}
       securityContext:
         {{- toYaml .Values.plugin.trivy.podSecurityContext | nindent 8 }}
@@ -94,4 +95,4 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-{{- end }}
+{{- end }}
diff --git a/charts/policy-reporter/templates/ui/deployment.yaml b/charts/policy-reporter/templates/ui/deployment.yaml
@@ -35,6 +35,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ include "ui.serviceAccountName" . }}
+      automountServiceAccountToken: {{ .Values.ui.serviceAccount.automount }}
       {{- if .Values.ui.podSecurityContext }}
       securityContext:
         {{- toYaml .Values.ui.podSecurityContext | nindent 8 }}

diff --git a/charts/policy-reporter/values.yaml b/charts/policy-reporter/values.yaml
@@ -51,7 +51,7 @@ rbac:
 serviceAccount:
   # -- Create ServiceAccount
   create: true
-  # -- Enable ServiceAccount automaount
+  # -- Enable ServiceAccount automount
   automount: true
   # -- Annotations for the ServiceAccount
   annotations: {}
@@ -974,7 +974,7 @@ ui:
   serviceAccount:
     # -- Create ServiceAccount
     create: true
-    # -- Enable ServiceAccount automaount
+    # -- Enable ServiceAccount automount
     automount: true
     # -- Annotations for the ServiceAccount
     annotations: {}
@@ -1183,7 +1183,7 @@ plugin:
     serviceAccount:
       # -- Create ServiceAccount
       create: true
-      # -- Enable ServiceAccount automaount
+      # -- Enable ServiceAccount automount
       automount: true
       # -- Annotations for the ServiceAccount
       annotations: {}
@@ -1371,7 +1371,7 @@ plugin:
     serviceAccount:
       # -- Create ServiceAccount
       create: true
-      # -- Enable ServiceAccount automaount
+      # -- Enable ServiceAccount automount
       automount: true
       # -- Annotations for the ServiceAccount
       annotations: {}