Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit6187653

Browse files
committed
fix(helm): default serviceAccount.disableCreate=false, add tests
1 parent57386ed commit6187653

File tree

4 files changed

+187
-1
lines changed

4 files changed

+187
-1
lines changed

‎helm/coder/tests/chart_test.go

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -88,6 +88,10 @@ var testCases = []testCase{
8888
name:"sa_extra_rules",
8989
expectedError:"",
9090
},
91+
{
92+
name:"sa_disabled",
93+
expectedError:"",
94+
},
9195
}
9296

9397
typetestCasestruct {
Lines changed: 177 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,177 @@
1+
---
2+
# Source: coder/templates/rbac.yaml
3+
apiVersion: rbac.authorization.k8s.io/v1
4+
kind: Role
5+
metadata:
6+
name: coder-workspace-perms
7+
rules:
8+
- apiGroups: [""]
9+
resources: ["pods"]
10+
verbs:
11+
- create
12+
- delete
13+
- deletecollection
14+
- get
15+
- list
16+
- patch
17+
- update
18+
- watch
19+
- apiGroups: [""]
20+
resources: ["persistentvolumeclaims"]
21+
verbs:
22+
- create
23+
- delete
24+
- deletecollection
25+
- get
26+
- list
27+
- patch
28+
- update
29+
- watch
30+
- apiGroups:
31+
- apps
32+
resources:
33+
- deployments
34+
verbs:
35+
- create
36+
- delete
37+
- deletecollection
38+
- get
39+
- list
40+
- patch
41+
- update
42+
- watch
43+
---
44+
# Source: coder/templates/rbac.yaml
45+
apiVersion: rbac.authorization.k8s.io/v1
46+
kind: RoleBinding
47+
metadata:
48+
name: "coder"
49+
subjects:
50+
- kind: ServiceAccount
51+
name: "coder"
52+
roleRef:
53+
apiGroup: rbac.authorization.k8s.io
54+
kind: Role
55+
name: coder-workspace-perms
56+
---
57+
# Source: coder/templates/service.yaml
58+
apiVersion: v1
59+
kind: Service
60+
metadata:
61+
name: coder
62+
labels:
63+
helm.sh/chart: coder-0.1.0
64+
app.kubernetes.io/name: coder
65+
app.kubernetes.io/instance: release-name
66+
app.kubernetes.io/part-of: coder
67+
app.kubernetes.io/version: "0.1.0"
68+
app.kubernetes.io/managed-by: Helm
69+
annotations:
70+
{}
71+
spec:
72+
type: LoadBalancer
73+
sessionAffinity: None
74+
ports:
75+
- name: "http"
76+
port: 80
77+
targetPort: "http"
78+
protocol: TCP
79+
80+
externalTrafficPolicy: "Cluster"
81+
selector:
82+
app.kubernetes.io/name: coder
83+
app.kubernetes.io/instance: release-name
84+
---
85+
# Source: coder/templates/coder.yaml
86+
---
87+
apiVersion: apps/v1
88+
kind: Deployment
89+
metadata:
90+
annotations: {}
91+
labels:
92+
app.kubernetes.io/instance: release-name
93+
app.kubernetes.io/managed-by: Helm
94+
app.kubernetes.io/name: coder
95+
app.kubernetes.io/part-of: coder
96+
app.kubernetes.io/version: 0.1.0
97+
helm.sh/chart: coder-0.1.0
98+
name: coder
99+
spec:
100+
replicas: 1
101+
selector:
102+
matchLabels:
103+
app.kubernetes.io/instance: release-name
104+
app.kubernetes.io/name: coder
105+
template:
106+
metadata:
107+
annotations: {}
108+
labels:
109+
app.kubernetes.io/instance: release-name
110+
app.kubernetes.io/managed-by: Helm
111+
app.kubernetes.io/name: coder
112+
app.kubernetes.io/part-of: coder
113+
app.kubernetes.io/version: 0.1.0
114+
helm.sh/chart: coder-0.1.0
115+
spec:
116+
affinity:
117+
podAntiAffinity:
118+
preferredDuringSchedulingIgnoredDuringExecution:
119+
- podAffinityTerm:
120+
labelSelector:
121+
matchExpressions:
122+
- key: app.kubernetes.io/instance
123+
operator: In
124+
values:
125+
- coder
126+
topologyKey: kubernetes.io/hostname
127+
weight: 1
128+
containers:
129+
- args:
130+
- server
131+
command:
132+
- /opt/coder
133+
env:
134+
- name: CODER_HTTP_ADDRESS
135+
value: 0.0.0.0:8080
136+
- name: CODER_PROMETHEUS_ADDRESS
137+
value: 0.0.0.0:2112
138+
- name: CODER_ACCESS_URL
139+
value: http://coder.default.svc.cluster.local
140+
- name: KUBE_POD_IP
141+
valueFrom:
142+
fieldRef:
143+
fieldPath: status.podIP
144+
- name: CODER_DERP_SERVER_RELAY_URL
145+
value: http://$(KUBE_POD_IP):8080
146+
image: ghcr.io/coder/coder:latest
147+
imagePullPolicy: IfNotPresent
148+
lifecycle: {}
149+
livenessProbe:
150+
httpGet:
151+
path: /healthz
152+
port: http
153+
scheme: HTTP
154+
name: coder
155+
ports:
156+
- containerPort: 8080
157+
name: http
158+
protocol: TCP
159+
readinessProbe:
160+
httpGet:
161+
path: /healthz
162+
port: http
163+
scheme: HTTP
164+
resources: {}
165+
securityContext:
166+
allowPrivilegeEscalation: false
167+
readOnlyRootFilesystem: null
168+
runAsGroup: 1000
169+
runAsNonRoot: true
170+
runAsUser: 1000
171+
seccompProfile:
172+
type: RuntimeDefault
173+
volumeMounts: []
174+
restartPolicy: Always
175+
serviceAccountName: coder
176+
terminationGracePeriodSeconds: 60
177+
volumes: []
Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
coder:
2+
image:
3+
tag:latest
4+
serviceAccount:
5+
disableCreate:true

‎helm/coder/values.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -114,7 +114,7 @@ coder:
114114
# coder.serviceAccount.name -- The service account name
115115
name:coder
116116
# coder.serviceAccount.name -- Whether to create the service account or use existing service account
117-
disableCreate:true
117+
disableCreate:false
118118

119119
# coder.securityContext -- Fields related to the container's security
120120
# context (as opposed to the pod). Some fields are also present in the pod

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp