From eeb332df9eb1f287b015bc58148f24b23ef6fd8d Mon Sep 17 00:00:00 2001 From: Zhenghao Zhang Date: Sun, 5 Mar 2023 14:47:05 +0800 Subject: [PATCH] Add service account --- charts/gorse-manager/README.md | 10 +++++++++ charts/gorse-manager/templates/_helpers.tpl | 11 ++++++++++ .../gorse-manager/templates/deployment.yaml | 1 + .../templates/serviceaccount.yml | 19 ++++++++++++++++ charts/gorse-manager/values.yaml | 22 +++++++++++++++++++ 5 files changed, 63 insertions(+) create mode 100644 charts/gorse-manager/templates/serviceaccount.yml diff --git a/charts/gorse-manager/README.md b/charts/gorse-manager/README.md index fe142eb..3375152 100644 --- a/charts/gorse-manager/README.md +++ b/charts/gorse-manager/README.md @@ -117,6 +117,16 @@ This starts an HTTP proxy for secure access to the Gorse Manager Dashboard. Visi | `tolerations` | Tolerations for Gorse server pods assignment | `[]` | +### Other Parameters + +| Name | Description | Value | +| --------------------------------------------- | ---------------------------------------------------------------------- | ------- | +| `serviceAccount.create` | Enable creation of ServiceAccount for Gorse Manager pod | `false` | +| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` | +| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | + + ### Database Parameters | Name | Description | Value | diff --git a/charts/gorse-manager/templates/_helpers.tpl b/charts/gorse-manager/templates/_helpers.tpl index 97e97a7..e79259e 100644 --- a/charts/gorse-manager/templates/_helpers.tpl +++ b/charts/gorse-manager/templates/_helpers.tpl 
@@ -1,5 +1,16 @@ {{/* vim: set filetype=mustache: */}} +{{/* + Create the name of the service account to use + */}} +{{- define "gorse.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create a default fully qualified mongodb name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). diff --git a/charts/gorse-manager/templates/deployment.yaml b/charts/gorse-manager/templates/deployment.yaml index 57da964..14e0fc8 100644 --- a/charts/gorse-manager/templates/deployment.yaml +++ b/charts/gorse-manager/templates/deployment.yaml @@ -48,6 +48,7 @@ spec: {{- if .Values.tolerations }} tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} {{- end }} + serviceAccountName: {{ include "gorse.serviceAccountName" .}} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" diff --git a/charts/gorse-manager/templates/serviceaccount.yml b/charts/gorse-manager/templates/serviceaccount.yml new file mode 100644 index 0000000..6794bce --- /dev/null +++ b/charts/gorse-manager/templates/serviceaccount.yml 
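Review bot: The added `serviceAccountName` line in deployment.yaml selects the pod's identity, but the pod spec gets no `automountServiceAccountToken` field, so `serviceAccount.automountServiceAccountToken` only reaches a ServiceAccount that this chart creates. With the chart default `serviceAccount.create: false`, the helper added in _helpers.tpl resolves to `default` (or to an existing account named by the user), and the token is then mounted according to that account's own setting, whatever the value says. Consider adding `automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}` beside it in the pod spec, where it overrides the account-level setting. It would also be safer to render the name as `{{ include "gorse.serviceAccountName" . | quote }}`, as is done for the namespace in serviceaccount.yml. The pod spec starts and ends outside this hunk.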
@@ -0,0 +1,19 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "gorse.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if .Values.serviceAccount.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end -}}
diff --git a/charts/gorse-manager/values.yaml b/charts/gorse-manager/values.yaml
index 04686ab..18d1f0a 100644
--- a/charts/gorse-manager/values.yaml
+++ b/charts/gorse-manager/values.yaml
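Review bot: `annotations:` in serviceaccount.yml is emitted unconditionally, so when both `serviceAccount.annotations` and `commonAnnotations` are empty the manifest carries a bare `annotations:` key (null). When both are set and share a key, the rendered mapping contains a duplicate key, and which value wins depends on the parser. Wrapping the block in `{{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}` … `{{- end }}` removes the empty key, and merging the two maps before rendering would give the overlap one defined precedence. Annotations on a ServiceAccount are often what ties it to an external identity, so the winning value should not be left to chance. `name` is also rendered unquoted while `namespace` on the next line is piped through `quote`.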
@@ -287,6 +287,28 @@ nodeSelector: {} ## tolerations: [] +## @section Other Parameters +## + +## Gorse Manager Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## @param serviceAccount.create Enable creation of ServiceAccount for Gorse Manager pod + ## + create: false + ## @param serviceAccount.name The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created + ## Can be set to false if pods using this serviceAccount do not need to use K8s API + ## + automountServiceAccountToken: true + ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount + ## + annotations: {} + ## @section Database Parameters ##
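Review bot: `automountServiceAccountToken: true` as the default mounts an API token into the Gorse Manager pod, although the comment directly above says it can be false when the pod does not use the Kubernetes API. Nothing visible in this patch binds a role to the account or shows the manager calling the API. Defaulting to `automountServiceAccountToken: false` follows least privilege, since a compromised container then has no cluster credential to pick up and users who need the token can opt in. The README row added in this commit would need `false` as well. The comment should also say that the value has no effect unless the chart creates the account, for example `## Only applies when serviceAccount.create is true`.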