diff --git a/helm-charts/common/agent/templates/deployment.yaml b/helm-charts/common/agent/templates/deployment.yaml index 12c0e00a..dffe5cec 100644 --- a/helm-charts/common/agent/templates/deployment.yaml +++ b/helm-charts/common/agent/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "agent.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/agent/templates/serviceaccount.yaml b/helm-charts/common/agent/templates/serviceaccount.yaml new file mode 100644 index 00000000..d0b50a26 --- /dev/null +++ b/helm-charts/common/agent/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "agent.serviceAccountName" . }} + labels: + {{- include "agent.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/agent/values.yaml b/helm-charts/common/agent/values.yaml index 9d7b236d..ad7ade4a 100644 --- a/helm-charts/common/agent/values.yaml +++ b/helm-charts/common/agent/values.yaml @@ -40,6 +40,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} diff --git a/helm-charts/common/asr/templates/deployment.yaml b/helm-charts/common/asr/templates/deployment.yaml index 309ff56c..0f7f6edf 100644 --- a/helm-charts/common/asr/templates/deployment.yaml +++ b/helm-charts/common/asr/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "asr.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/asr/templates/serviceaccount.yaml b/helm-charts/common/asr/templates/serviceaccount.yaml new file mode 100644 index 00000000..28cbeaec --- /dev/null +++ b/helm-charts/common/asr/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "asr.serviceAccountName" . }} + labels: + {{- include "asr.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/asr/values.yaml b/helm-charts/common/asr/values.yaml index 92728e64..a67139bb 100644 --- a/helm-charts/common/asr/values.yaml +++ b/helm-charts/common/asr/values.yaml @@ -27,6 +27,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} diff --git a/helm-charts/common/chathistory-usvc/templates/deployment.yaml b/helm-charts/common/chathistory-usvc/templates/deployment.yaml index b721318e..73ea450e 100644 --- a/helm-charts/common/chathistory-usvc/templates/deployment.yaml +++ b/helm-charts/common/chathistory-usvc/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "chathistory-usvc.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/chathistory-usvc/templates/serviceaccount.yaml b/helm-charts/common/chathistory-usvc/templates/serviceaccount.yaml new file mode 100644 index 00000000..ba4c751f --- /dev/null +++ b/helm-charts/common/chathistory-usvc/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "chathistory-usvc.serviceAccountName" . }} + labels: + {{- include "chathistory-usvc.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/chathistory-usvc/values.yaml b/helm-charts/common/chathistory-usvc/values.yaml index d5f2faa9..6df3eb1e 100644 --- a/helm-charts/common/chathistory-usvc/values.yaml +++ b/helm-charts/common/chathistory-usvc/values.yaml @@ -21,6 +21,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} diff --git a/helm-charts/common/data-prep/templates/deployment.yaml b/helm-charts/common/data-prep/templates/deployment.yaml index 30faff17..fef10401 100644 --- a/helm-charts/common/data-prep/templates/deployment.yaml +++ b/helm-charts/common/data-prep/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "data-prep.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/data-prep/templates/serviceaccount.yaml b/helm-charts/common/data-prep/templates/serviceaccount.yaml new file mode 100644 index 00000000..7ba63ad3 --- /dev/null +++ b/helm-charts/common/data-prep/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "data-prep.serviceAccountName" . }} + labels: + {{- include "data-prep.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/data-prep/values.yaml b/helm-charts/common/data-prep/values.yaml index e35274fc..e70486a9 100644 --- a/helm-charts/common/data-prep/values.yaml +++ b/helm-charts/common/data-prep/values.yaml @@ -25,6 +25,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} diff --git a/helm-charts/common/embedding-usvc/templates/_helpers.tpl b/helm-charts/common/embedding-usvc/templates/_helpers.tpl index 229f1a5b..03d959f6 100644 --- a/helm-charts/common/embedding-usvc/templates/_helpers.tpl +++ b/helm-charts/common/embedding-usvc/templates/_helpers.tpl @@ -53,9 +53,9 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{/* Create the name of the service account to use */}} -{{- define "llm-uservice.serviceAccountName" -}} +{{- define "embedding-usvc.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "llm-uservice.fullname" .) .Values.serviceAccount.name }} +{{- default (include "embedding-usvc.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} diff --git a/helm-charts/common/embedding-usvc/templates/deployment.yaml b/helm-charts/common/embedding-usvc/templates/deployment.yaml index 67b2fae9..45938951 100644 --- a/helm-charts/common/embedding-usvc/templates/deployment.yaml +++ b/helm-charts/common/embedding-usvc/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "embedding-usvc.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/embedding-usvc/templates/serviceaccount.yaml b/helm-charts/common/embedding-usvc/templates/serviceaccount.yaml new file mode 100644 index 00000000..5a4bcb16 --- /dev/null +++ b/helm-charts/common/embedding-usvc/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "embedding-usvc.serviceAccountName" . }} + labels: + {{- include "embedding-usvc.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/embedding-usvc/values.yaml b/helm-charts/common/embedding-usvc/values.yaml index 66f79d78..a12ffadc 100644 --- a/helm-charts/common/embedding-usvc/values.yaml +++ b/helm-charts/common/embedding-usvc/values.yaml @@ -26,6 +26,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {} diff --git a/helm-charts/common/gpt-sovits/templates/deployment.yaml b/helm-charts/common/gpt-sovits/templates/deployment.yaml index d5d6e9d9..36da72b4 100644 --- a/helm-charts/common/gpt-sovits/templates/deployment.yaml +++ b/helm-charts/common/gpt-sovits/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "gpt-sovits.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/common/gpt-sovits/templates/serviceaccount.yaml b/helm-charts/common/gpt-sovits/templates/serviceaccount.yaml new file mode 100644 index 00000000..b2f77acd --- /dev/null +++ b/helm-charts/common/gpt-sovits/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "gpt-sovits.serviceAccountName" . }} + labels: + {{- include "gpt-sovits.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/common/gpt-sovits/values.yaml b/helm-charts/common/gpt-sovits/values.yaml index d5cff30d..428b91ed 100644 --- a/helm-charts/common/gpt-sovits/values.yaml +++ b/helm-charts/common/gpt-sovits/values.yaml @@ -18,6 +18,17 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} podSecurityContext: {}