3

I added this in my values.yaml expecting the serviceAccount to be created when I do the helm install but that did not work, am I missing something ?

  • helm version v3.9.0
  • kubernetes version v1.24.0
serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: my-service-account

I even tried adding the following (based on https://helm.sh/docs/chart_best_practices/rbac/#helm), with no luck:

rbac:
  # Specifies whether RBAC resources should be created
  create: true

Thanks

tuxmobil
  • 238
  • 3
  • 10
  • 1
    Inside your templates directory , you need to have a manifest file for service account. – P.... Jun 05 '22 at 04:46
  • Thanks that works, in order to avoid creating many times the same object helm lookup can be used, check https://helm.sh/docs/chart_template_guide/functions_and_pipelines/#using-the-lookup-function – tuxmobil Jun 05 '22 at 13:20

2 Answers2

2

Thanks for the help, I ended up putting this file in the templates directory so it gets processed as you mentioned, I used helm lookup to check if the ServiceAccount is there or not so the first helm install does the installation (https://helm.sh/docs/chart_template_guide/functions_and_pipelines/#using-the-lookup-function)

{{- if not (lookup "v1" "ServiceAccount" "my-namespace" "my-service-account") }}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-service-account
  namespace: {{ .Values.namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: my-cluster-role
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: my-cluster-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: my-cluster-role
subjects:
- kind: ServiceAccount
  name: my-service-account
  namespace: {{ .Values.namespace }}    
{{- end }}
tuxmobil
  • 238
  • 3
  • 10
0

You have to create the YAML or helm template into your template directory and helm will create/apply that config file to the K8s cluster.

service-account.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app: {{ template "elasticsearch.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
  name: {{ template "elasticsearch.fullname" . }}

Ref :https://github.com/CenterForOpenScience/helm-charts/blob/master/elasticsearch/templates/service-account.yaml

You can add your conditions accordingly to check if create is true or false etc.

Condition or flow control doc : https://helm.sh/docs/chart_template_guide/control_structures/

Harsh Manvar
  • 27,020
  • 6
  • 48
  • 102