diff --git a/charts/kong/templates/_helpers.tpl b/charts/kong/templates/_helpers.tpl index e2f7eb0b7..1cb0f069b 100644 --- a/charts/kong/templates/_helpers.tpl +++ b/charts/kong/templates/_helpers.tpl @@ -552,6 +552,41 @@ The name of the service used for the ingress controller's validation webhook - name: {{ template "kong.fullname" . }}-tmp emptyDir: sizeLimit: {{ .Values.deployment.tmpDir.sizeLimit }} +{{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }} +- name: {{ template "kong.serviceAccountTokenName" . }} + {{- /* Due to GKE versions (e.g. v1.23.15-gke.1900) we need to handle pre-release part of the version as well. + See the related documentation of semver module that Helm depends on for semverCompare: + https://github.com/Masterminds/semver#working-with-prerelease-versions + Related Helm issue: https://github.com/helm/helm/issues/3810 */}} + {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }} + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + {{- else }} + secret: + secretName: {{ template "kong.serviceAccountTokenName" . }} + items: + - key: token + path: token + - key: ca.crt + path: ca.crt + - key: namespace + path: namespace + {{- end }} +{{- end }} {{- if and ( .Capabilities.APIVersions.Has "cert-manager.io/v1" ) .Values.certificates.enabled -}} {{- if .Values.certificates.cluster.enabled }} - name: {{ include "kong.fullname" . }}-cluster-cert diff --git a/charts/kong/templates/deployment.yaml b/charts/kong/templates/deployment.yaml index 0d9e28a66..0aa46ceea 100644 --- a/charts/kong/templates/deployment.yaml +++ b/charts/kong/templates/deployment.yaml @@ -302,39 +302,4 @@ spec: volumes: {{- include "kong.volumes" . | nindent 8 -}} {{- include "kong.userDefinedVolumes" . | nindent 8 -}} - {{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }} - - name: {{ template "kong.serviceAccountTokenName" . }} - {{- /* Due to GKE versions (e.g. v1.23.15-gke.1900) we need to handle pre-release part of the version as well. - See the related documentation of semver module that Helm depends on for semverCompare: - https://github.com/Masterminds/semver#working-with-prerelease-versions - Related Helm issue: https://github.com/helm/helm/issues/3810 */}} - {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }} - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - {{- else }} - secret: - secretName: {{ template "kong.serviceAccountTokenName" . }} - items: - - key: token - path: token - - key: ca.crt - path: ca.crt - - key: namespace - path: namespace - {{- end }} - {{- end }} {{- end }} diff --git a/charts/kong/templates/migrations-post-upgrade.yaml b/charts/kong/templates/migrations-post-upgrade.yaml index 1d591d832..6b1b38e32 100644 --- a/charts/kong/templates/migrations-post-upgrade.yaml +++ b/charts/kong/templates/migrations-post-upgrade.yaml @@ -88,40 +88,5 @@ spec: volumes: {{- include "kong.volumes" . | nindent 6 -}} {{- include "kong.userDefinedVolumes" . | nindent 6 -}} - {{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }} - - name: {{ template "kong.serviceAccountTokenName" . }} - {{- /* Due to GKE versions (e.g. v1.23.15-gke.1900) we need to handle pre-release part of the version as well. - See the related documentation of semver module that Helm depends on for semverCompare: - https://github.com/Masterminds/semver#working-with-prerelease-versions - Related Helm issue: https://github.com/helm/helm/issues/3810 */}} - {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }} - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - {{- else }} - secret: - secretName: {{ template "kong.serviceAccountTokenName" . }} - items: - - key: token - path: token - - key: ca.crt - path: ca.crt - - key: namespace - path: namespace - {{- end }} - {{- end }} {{- end }} {{- end }} diff --git a/charts/kong/templates/migrations-pre-upgrade.yaml b/charts/kong/templates/migrations-pre-upgrade.yaml index bd39e0beb..f5002aec9 100644 --- a/charts/kong/templates/migrations-pre-upgrade.yaml +++ b/charts/kong/templates/migrations-pre-upgrade.yaml @@ -90,40 +90,5 @@ spec: volumes: {{- include "kong.volumes" . | nindent 6 -}} {{- include "kong.userDefinedVolumes" . | nindent 6 -}} - {{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }} - - name: {{ template "kong.serviceAccountTokenName" . }} - {{- /* Due to GKE versions (e.g. v1.23.15-gke.1900) we need to handle pre-release part of the version as well. - See the related documentation of semver module that Helm depends on for semverCompare: - https://github.com/Masterminds/semver#working-with-prerelease-versions - Related Helm issue: https://github.com/helm/helm/issues/3810 */}} - {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }} - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - {{- else }} - secret: - secretName: {{ template "kong.serviceAccountTokenName" . }} - items: - - key: token - path: token - - key: ca.crt - path: ca.crt - - key: namespace - path: namespace - {{- end }} - {{- end }} {{- end }} {{- end }} diff --git a/charts/kong/templates/migrations.yaml b/charts/kong/templates/migrations.yaml index 594e04530..a996fcd13 100644 --- a/charts/kong/templates/migrations.yaml +++ b/charts/kong/templates/migrations.yaml @@ -98,41 +98,6 @@ spec: volumes: {{- include "kong.volumes" . | nindent 6 -}} {{- include "kong.userDefinedVolumes" . | nindent 6 -}} - {{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }} - - name: {{ template "kong.serviceAccountTokenName" . }} - {{- /* Due to GKE versions (e.g. v1.23.15-gke.1900) we need to handle pre-release part of the version as well. - See the related documentation of semver module that Helm depends on for semverCompare: - https://github.com/Masterminds/semver#working-with-prerelease-versions - Related Helm issue: https://github.com/helm/helm/issues/3810 */}} - {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }} - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - {{- else }} - secret: - secretName: {{ template "kong.serviceAccountTokenName" . }} - items: - - key: token - path: token - - key: ca.crt - path: ca.crt - - key: namespace - path: namespace - {{- end }} - {{- end }} {{- end }} {{- end }} {{- end }}