From 063f27d8fe18bcd4a351fbad7a552e620e885933 Mon Sep 17 00:00:00 2001 From: Andrew Azores Date: Fri, 29 Nov 2024 11:38:03 -0500 Subject: [PATCH] fix(serviceaccount): non-Cryostat Pods run as default serviceaccount --- charts/cryostat/templates/db_deployment.yaml | 1 - charts/cryostat/templates/reports_deployment.yaml | 1 - charts/cryostat/templates/storage_deployment.yaml | 1 - charts/cryostat/tests/db_deployment_test.yaml | 3 +-- charts/cryostat/tests/reports_deployment_test.yaml | 3 +-- charts/cryostat/tests/storage_deployment_test.yaml | 3 +-- 6 files changed, 3 insertions(+), 9 deletions(-) diff --git a/charts/cryostat/templates/db_deployment.yaml b/charts/cryostat/templates/db_deployment.yaml index c6c753f..6ac1cf4 100644 --- a/charts/cryostat/templates/db_deployment.yaml +++ b/charts/cryostat/templates/db_deployment.yaml @@ -29,7 +29,6 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "cryostat.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/charts/cryostat/templates/reports_deployment.yaml b/charts/cryostat/templates/reports_deployment.yaml index 05c846d..648a668 100644 --- a/charts/cryostat/templates/reports_deployment.yaml +++ b/charts/cryostat/templates/reports_deployment.yaml @@ -30,7 +30,6 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "cryostat.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/charts/cryostat/templates/storage_deployment.yaml b/charts/cryostat/templates/storage_deployment.yaml index 3031633..738341a 100644 --- a/charts/cryostat/templates/storage_deployment.yaml +++ b/charts/cryostat/templates/storage_deployment.yaml @@ -29,7 +29,6 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "cryostat.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/charts/cryostat/tests/db_deployment_test.yaml b/charts/cryostat/tests/db_deployment_test.yaml index fa1ff93..7e713cd 100644 --- a/charts/cryostat/tests/db_deployment_test.yaml +++ b/charts/cryostat/tests/db_deployment_test.yaml @@ -31,9 +31,8 @@ tests: app.kubernetes.io/name: cryostat app.kubernetes.io/component: db app.kubernetes.io/part-of: cryostat - - equal: + - notExists: path: spec.template.spec.serviceAccountName - value: RELEASE-NAME-cryostat - equal: path: spec.template.spec.securityContext.runAsNonRoot value: true diff --git a/charts/cryostat/tests/reports_deployment_test.yaml b/charts/cryostat/tests/reports_deployment_test.yaml index 28ebff6..21c270a 100644 --- a/charts/cryostat/tests/reports_deployment_test.yaml +++ b/charts/cryostat/tests/reports_deployment_test.yaml @@ -39,9 +39,8 @@ tests: app.kubernetes.io/name: cryostat app.kubernetes.io/part-of: cryostat app.kubernetes.io/component: reports - - equal: + - notExists: path: spec.template.spec.serviceAccountName - value: RELEASE-NAME-cryostat - equal: path: spec.template.spec.securityContext.runAsNonRoot value: true diff --git a/charts/cryostat/tests/storage_deployment_test.yaml b/charts/cryostat/tests/storage_deployment_test.yaml index a077cd0..feb681f 100644 --- a/charts/cryostat/tests/storage_deployment_test.yaml +++ b/charts/cryostat/tests/storage_deployment_test.yaml @@ -31,9 +31,8 @@ tests: app.kubernetes.io/name: cryostat app.kubernetes.io/component: storage app.kubernetes.io/part-of: cryostat - - equal: + - notExists: path: spec.template.spec.serviceAccountName - value: RELEASE-NAME-cryostat - equal: path: spec.template.spec.securityContext.runAsNonRoot value: true