diff --git a/charts/postgres-operator/templates/_helpers.tpl b/charts/postgres-operator/templates/_helpers.tpl index b0a0d20e5..306613ac3 100644 --- a/charts/postgres-operator/templates/_helpers.tpl +++ b/charts/postgres-operator/templates/_helpers.tpl @@ -24,6 +24,13 @@ If release name contains chart name it will be used as a full name. {{- end -}} {{- end -}} +{{/* +Create a service account name. +*/}} +{{- define "postgres-operator.serviceAccountName" -}} +{{ default (include "postgres-operator.fullname" .) .Values.serviceAccount.name }} +{{- end -}} + {{/* Create chart name and version as used by the chart label. */}} diff --git a/charts/postgres-operator/templates/clusterrole.yaml b/charts/postgres-operator/templates/clusterrole.yaml index ef421df93..b10523542 100644 --- a/charts/postgres-operator/templates/clusterrole.yaml +++ b/charts/postgres-operator/templates/clusterrole.yaml @@ -2,11 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: - name: {{- if eq .Values.serviceAccount.name "" }} - {{ template "postgres-operator.fullname" . }} - {{- else }} - {{ .Values.serviceAccount.name }} - {{- end }} + name: {{ include "postgres-operator.serviceAccountName" . }} labels: app.kubernetes.io/name: {{ template "postgres-operator.name" . }} helm.sh/chart: {{ template "postgres-operator.chart" . }} @@ -145,11 +141,7 @@ rules: verbs: - bind resourceNames: - - {{- if eq .Values.serviceAccount.name "" }} - {{ template "postgres-operator.fullname" . }} - {{- else }} - {{ .Values.serviceAccount.name }} - {{- end }} + - {{ include "postgres-operator.serviceAccountName" . }} - apiGroups: - batch resources: diff --git a/charts/postgres-operator/templates/clusterrolebinding.yaml b/charts/postgres-operator/templates/clusterrolebinding.yaml index 7e71ce6cb..bfa21b42f 100644 --- a/charts/postgres-operator/templates/clusterrolebinding.yaml +++ b/charts/postgres-operator/templates/clusterrolebinding.yaml @@ -2,11 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{- if eq .Values.serviceAccount.name "" }} - {{ template "postgres-operator.fullname" . }} - {{- else }} - {{ .Values.serviceAccount.name }} - {{- end }} + name: {{ include "postgres-operator.serviceAccountName" . }} labels: app.kubernetes.io/name: {{ template "postgres-operator.name" . }} helm.sh/chart: {{ template "postgres-operator.chart" . }} @@ -15,19 +11,11 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{- if eq .Values.serviceAccount.name "" }} - {{ template "postgres-operator.fullname" . }} - {{- else }} - {{ .Values.serviceAccount.name }} - {{- end }} + name: {{ include "postgres-operator.serviceAccountName" . }} subjects: - kind: ServiceAccount # note: the cluster role binding needs to be defined # for every namespace the operator service account lives in. - name: {{- if eq .Values.serviceAccount.name "" }} - {{ template "postgres-operator.fullname" . }} - {{- else }} - {{ .Values.serviceAccount.name }} - {{- end }} + name: {{ include "postgres-operator.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{ end }} diff --git a/charts/postgres-operator/templates/configmap.yaml b/charts/postgres-operator/templates/configmap.yaml index 62c8f2b81..95eeb9546 100644 --- a/charts/postgres-operator/templates/configmap.yaml +++ b/charts/postgres-operator/templates/configmap.yaml @@ -9,11 +9,7 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} data: - pod_service_account_name: {{- if eq .Values.serviceAccount.name "" }} - {{ template "postgres-operator.fullname" . }} - {{- else }} - {{ .Values.serviceAccount.name }} - {{- end }} + pod_service_account_name: {{ include "postgres-operator.serviceAccountName" . }} {{ toYaml .Values.configGeneral | indent 2 }} {{ toYaml .Values.configUsers | indent 2 }} {{ toYaml .Values.configKubernetes | indent 2 }} diff --git a/charts/postgres-operator/templates/deployment.yaml b/charts/postgres-operator/templates/deployment.yaml index 7010b07ac..1f7e39bbc 100644 --- a/charts/postgres-operator/templates/deployment.yaml +++ b/charts/postgres-operator/templates/deployment.yaml @@ -31,11 +31,7 @@ spec: {{ toYaml .Values.podLabels | indent 8 }} {{- end }} spec: - serviceAccountName: {{- if eq .Values.serviceAccount.name "" }} - {{ template "postgres-operator.fullname" . }} - {{- else }} - {{ .Values.serviceAccount.name }} - {{- end }} + serviceAccountName: {{ include "postgres-operator.serviceAccountName" . }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}" diff --git a/charts/postgres-operator/templates/serviceaccount.yaml b/charts/postgres-operator/templates/serviceaccount.yaml index 01ab2bc00..e04e8ad62 100644 --- a/charts/postgres-operator/templates/serviceaccount.yaml +++ b/charts/postgres-operator/templates/serviceaccount.yaml @@ -2,11 +2,7 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{- if eq .Values.serviceAccount.name "" }} - {{ template "postgres-operator.fullname" . }} - {{- else }} - {{ .Values.serviceAccount.name }} - {{- end }} + name: {{ include "postgres-operator.serviceAccountName" . }} labels: app.kubernetes.io/name: {{ template "postgres-operator.name" . }} helm.sh/chart: {{ template "postgres-operator.chart" . }} diff --git a/charts/postgres-operator/values-crd.yaml b/charts/postgres-operator/values-crd.yaml index 227ddba25..381b6c310 100644 --- a/charts/postgres-operator/values-crd.yaml +++ b/charts/postgres-operator/values-crd.yaml @@ -245,7 +245,7 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template # When relying solely on the OperatorConfiguration CRD, set this value to "operator" # Otherwise, the operator tries to use the "default" service account which is forbidden - name: "operator" + name: operator priorityClassName: "" diff --git a/charts/postgres-operator/values.yaml b/charts/postgres-operator/values.yaml index 51a0a6ed9..546efabf4 100644 --- a/charts/postgres-operator/values.yaml +++ b/charts/postgres-operator/values.yaml @@ -226,7 +226,7 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template # When relying solely on the OperatorConfiguration CRD, set this value to "operator" # Otherwise, the operator tries to use the "default" service account which is forbidden - name: "" + name: priorityClassName: ""