Skip to content
This repository has been archived by the owner on May 16, 2023. It is now read-only.

[elasticsearch]: optionally disable SA token automount #1300

Merged
merged 1 commit into from
Oct 1, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion elasticsearch/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -151,7 +151,7 @@ support multiple versions with minimal changes.
| `podSecurityPolicy` | Configuration for create a pod security policy with minimal permissions to run this Helm chart with `create: true`. Also can be used to reference an external pod security policy with `name: "externalPodSecurityPolicy"` | see [values.yaml][] |
| `priorityClassName` | The name of the [PriorityClass][]. No default is supplied as the PriorityClass must be created first | `""` |
| `protocol` | The protocol that will be used for the readiness [probe][]. Change this to `https` if you have `xpack.security.http.ssl.enabled` set | `http` |
| `rbac` | Configuration for creating a role, role binding and ServiceAccount as part of this Helm chart with `create: true`. Also can be used to reference an external ServiceAccount with `serviceAccountName: "externalServiceAccountName"` | see [values.yaml][] |
| `rbac` | Configuration for creating a role, role binding and ServiceAccount as part of this Helm chart with `create: true`. Also can be used to reference an external ServiceAccount with `serviceAccountName: "externalServiceAccountName"`, or automount the service account token | see [values.yaml][] |
| `readinessProbe` | Configuration fields for the readiness [probe][] | see [values.yaml][] |
| `replicas` | Kubernetes replica count for the StatefulSet (i.e. how many pods) | `3` |
| `resources` | Allows you to set the [resources][] for the StatefulSet | see [values.yaml][] |
Expand Down
1 change: 1 addition & 0 deletions elasticsearch/templates/statefulset.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,7 @@ spec:
{{- else if not (eq .Values.rbac.serviceAccountName "") }}
serviceAccountName: {{ .Values.rbac.serviceAccountName | quote }}
{{- end }}
automountServiceAccountToken: {{ .Values.rbac.automountToken }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 6 }}
Expand Down
26 changes: 26 additions & 0 deletions elasticsearch/tests/elasticsearch_test.py
Original file line number Diff line number Diff line change
Expand Up @@ -1420,3 +1420,29 @@ def test_network_policy():
]
assert transport["ports"][0]["port"] == 9300
assert pod_selector == {"matchLabels": {"app": "elasticsearch-master",}}


def test_default_automount_sa_token():
config = """
"""
r = helm_template(config)
assert (
r["statefulset"][uname]["spec"]["template"]["spec"][
"automountServiceAccountToken"
]
== True
)


def test_disable_automount_sa_token():
config = """
rbac:
automountToken: false
"""
r = helm_template(config)
assert (
r["statefulset"][uname]["spec"]["template"]["spec"][
"automountServiceAccountToken"
]
== False
)
1 change: 1 addition & 0 deletions elasticsearch/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,7 @@ rbac:
create: false
serviceAccountAnnotations: {}
serviceAccountName: ""
automountToken: true

podSecurityPolicy:
create: false
Expand Down