From 2d5232085210e21f62c6e9c5c8777650d88c171a Mon Sep 17 00:00:00 2001 From: Lianhao Lu Date: Thu, 28 Nov 2024 14:00:17 +0800 Subject: [PATCH] helm: Add service account support - part4 Add service account support in all e2e helm charts. 
Signed-off-by: Lianhao Lu --- helm-charts/agentqna/templates/crag.yaml | 1 + .../agentqna/templates/docretriever.yaml | 1 + .../agentqna/templates/serviceaccount.yaml | 16 +++++++++ helm-charts/agentqna/values.yaml | 20 +++++++++++ .../audioqna/templates/deployment.yaml | 1 + .../audioqna/templates/serviceaccount.yaml | 16 +++++++++ helm-charts/audioqna/values.yaml | 34 ++++++++++++++---- helm-charts/chatqna/templates/deployment.yaml | 1 + .../chatqna/templates/serviceaccount.yaml | 16 +++++++++ helm-charts/chatqna/values.yaml | 36 ++++++++++++++----- helm-charts/codegen/templates/deployment.yaml | 1 + .../codegen/templates/serviceaccount.yaml | 16 +++++++++ helm-charts/codegen/values.yaml | 34 ++++++++++++++---- .../codetrans/templates/deployment.yaml | 1 + .../codetrans/templates/serviceaccount.yaml | 16 +++++++++ helm-charts/codetrans/values.yaml | 34 ++++++++++++++---- helm-charts/docsum/templates/deployment.yaml | 1 + helm-charts/docsum/templates/m2t.yaml | 1 + .../docsum/templates/serviceaccount.yaml | 16 +++++++++ helm-charts/docsum/templates/v2a.yaml | 1 + helm-charts/docsum/values.yaml | 34 ++++++++++++++---- helm-charts/faqgen/templates/deployment.yaml | 1 + .../faqgen/templates/serviceaccount.yaml | 16 +++++++++ helm-charts/faqgen/values.yaml | 34 ++++++++++++++---- .../visualqna/templates/deployment.yaml | 1 + .../visualqna/templates/serviceaccount.yaml | 16 +++++++++ helm-charts/visualqna/values.yaml | 34 ++++++++++++++---- 27 files changed, 349 insertions(+), 50 deletions(-) create mode 100644 helm-charts/agentqna/templates/serviceaccount.yaml create mode 100644 helm-charts/audioqna/templates/serviceaccount.yaml create mode 100644 helm-charts/chatqna/templates/serviceaccount.yaml create mode 100644 helm-charts/codegen/templates/serviceaccount.yaml create mode 100644 helm-charts/codetrans/templates/serviceaccount.yaml create mode 100644 helm-charts/docsum/templates/serviceaccount.yaml create mode 100644 helm-charts/faqgen/templates/serviceaccount.yaml 
create mode 100644 helm-charts/visualqna/templates/serviceaccount.yaml diff --git a/helm-charts/agentqna/templates/crag.yaml b/helm-charts/agentqna/templates/crag.yaml index c6449c28..94d3c8fa 100644 --- a/helm-charts/agentqna/templates/crag.yaml +++ b/helm-charts/agentqna/templates/crag.yaml @@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "agentqna.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/agentqna/templates/docretriever.yaml b/helm-charts/agentqna/templates/docretriever.yaml index 45c13e29..4bc30e07 100644 --- a/helm-charts/agentqna/templates/docretriever.yaml +++ b/helm-charts/agentqna/templates/docretriever.yaml @@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "agentqna.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/agentqna/templates/serviceaccount.yaml b/helm-charts/agentqna/templates/serviceaccount.yaml new file mode 100644 index 00000000..48208624 --- /dev/null +++ b/helm-charts/agentqna/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "agentqna.serviceAccountName" . }} + labels: + {{- include "agentqna.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/agentqna/values.yaml b/helm-charts/agentqna/values.yaml index 64fa95ce..5dfdb458 100644 --- a/helm-charts/agentqna/values.yaml +++ b/helm-charts/agentqna/values.yaml 
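Review bot: The pod spec in crag.yaml gains `serviceAccountName` but no pod-level `automountServiceAccountToken`, so `serviceAccount.automount` only takes effect through the ServiceAccount object the chart itself creates. With the shipped default `create: false` that object is never rendered, and the pod presumably runs under whatever account the `agentqna.serviceAccountName` helper falls back to, with that account's token mounted unless the account disables it. The helper is not touched by this patch, so confirm it is already defined in the chart's helpers. Adding `automountServiceAccountToken: {{ .Values.serviceAccount.automount }}` directly below the new line would make the setting apply in both cases. The same holds for the matching hunks in docretriever.yaml, m2t.yaml, v2a.yaml and each chart's deployment.yaml; the pod spec continues outside every one of these hunks.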
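Review bot: The opening action `{{- if .Values.serviceAccount.create -}}` in serviceaccount.yaml trims whitespace on both sides, so with the licence header above it the rendered text becomes `# SPDX-License-Identifier: Apache-2.0apiVersion: v1` and the `apiVersion` key ends up inside a comment. The manifest would then be rejected whenever `serviceAccount.create` is set to `true`; the default of `false` hides this. Dropping the right-hand trim, `{{- if .Values.serviceAccount.create }}`, keeps the newline before `apiVersion: v1`. The same template is added unchanged for audioqna, chatqna, codegen, codetrans, docsum, faqgen and visualqna.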
@@ -7,6 +7,26 @@ replicaCount: 1 +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + securityContext: readOnlyRootFilesystem: true allowPrivilegeEscalation: false diff --git a/helm-charts/audioqna/templates/deployment.yaml b/helm-charts/audioqna/templates/deployment.yaml index 3f4ffd6b..4282fc30 100644 --- a/helm-charts/audioqna/templates/deployment.yaml +++ b/helm-charts/audioqna/templates/deployment.yaml @@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "audioqna.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/audioqna/templates/serviceaccount.yaml b/helm-charts/audioqna/templates/serviceaccount.yaml new file mode 100644 index 00000000..a2390eac --- /dev/null +++ b/helm-charts/audioqna/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "audioqna.serviceAccountName" . }} + labels: + {{- include "audioqna.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/audioqna/values.yaml b/helm-charts/audioqna/values.yaml index e6f5c783..3fe61e7c 100644 --- a/helm-charts/audioqna/values.yaml 
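Review bot: `automount: true` is the default in the new `serviceAccount` block, which gives Kubernetes API credentials to every pod that uses the created account. Nothing in this patch binds a Role to that account or shows the services calling the API, so least privilege argues for `automount: false` with an opt-in per deployment. If the default stays, the comment could state what the token is for, e.g. `# Mount the ServiceAccount token into pods; only needed when the workload calls the Kubernetes API`. The identical block is added to the values.yaml of audioqna, chatqna, codegen, codetrans, docsum, faqgen and visualqna.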
+++ b/helm-charts/audioqna/values.yaml @@ -14,14 +14,25 @@ image: # Overrides the image tag whose default is the chart appVersion. tag: "latest" -port: 8888 -service: - type: ClusterIP - port: 3008 +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" -nginx: - service: - type: NodePort +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 securityContext: readOnlyRootFilesystem: true @@ -34,6 +45,15 @@ securityContext: seccompProfile: type: RuntimeDefault +port: 8888 +service: + type: ClusterIP + port: 3008 + +nginx: + service: + type: NodePort + nodeSelector: {} tolerations: [] diff --git a/helm-charts/chatqna/templates/deployment.yaml b/helm-charts/chatqna/templates/deployment.yaml index ced87387..6f19fee1 100644 --- a/helm-charts/chatqna/templates/deployment.yaml +++ b/helm-charts/chatqna/templates/deployment.yaml @@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "chatqna.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/chatqna/templates/serviceaccount.yaml b/helm-charts/chatqna/templates/serviceaccount.yaml new file mode 100644 index 00000000..ce907d10 --- /dev/null +++ b/helm-charts/chatqna/templates/serviceaccount.yaml 
@@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "chatqna.serviceAccountName" . }} + labels: + {{- include "chatqna.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/chatqna/values.yaml b/helm-charts/chatqna/values.yaml index 0082c2ab..edc16559 100644 --- a/helm-charts/chatqna/values.yaml +++ b/helm-charts/chatqna/values.yaml @@ -14,14 +14,25 @@ image: # Overrides the image tag whose default is the chart appVersion. tag: "latest" -port: 8888 -service: - type: ClusterIP - port: 8888 - -nginx: - service: - type: NodePort +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 securityContext: readOnlyRootFilesystem: true @@ -34,6 +45,15 @@ securityContext: seccompProfile: type: RuntimeDefault +port: 8888 +service: + type: ClusterIP + port: 8888 + +nginx: + service: + type: NodePort + nodeSelector: {} tolerations: [] diff --git a/helm-charts/codegen/templates/deployment.yaml b/helm-charts/codegen/templates/deployment.yaml index 7e271b54..d473b7a8 100644 --- a/helm-charts/codegen/templates/deployment.yaml +++ b/helm-charts/codegen/templates/deployment.yaml 
@@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "codegen.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/codegen/templates/serviceaccount.yaml b/helm-charts/codegen/templates/serviceaccount.yaml new file mode 100644 index 00000000..69d35852 --- /dev/null +++ b/helm-charts/codegen/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "codegen.serviceAccountName" . }} + labels: + {{- include "codegen.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/codegen/values.yaml b/helm-charts/codegen/values.yaml index cbe72f15..ba99702b 100644 --- a/helm-charts/codegen/values.yaml +++ b/helm-charts/codegen/values.yaml @@ -14,14 +14,25 @@ image: # Overrides the image tag whose default is the chart appVersion. tag: "latest" -port: 7778 -service: - type: ClusterIP - port: 7778 +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" -nginx: - service: - type: NodePort +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 securityContext: readOnlyRootFilesystem: true 
@@ -34,6 +45,15 @@ securityContext: seccompProfile: type: RuntimeDefault +port: 7778 +service: + type: ClusterIP + port: 7778 + +nginx: + service: + type: NodePort + nodeSelector: {} tolerations: [] diff --git a/helm-charts/codetrans/templates/deployment.yaml b/helm-charts/codetrans/templates/deployment.yaml index aa5e2a5c..f7dba9a4 100644 --- a/helm-charts/codetrans/templates/deployment.yaml +++ b/helm-charts/codetrans/templates/deployment.yaml @@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "codetrans.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/codetrans/templates/serviceaccount.yaml b/helm-charts/codetrans/templates/serviceaccount.yaml new file mode 100644 index 00000000..863d801b --- /dev/null +++ b/helm-charts/codetrans/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "codetrans.serviceAccountName" . }} + labels: + {{- include "codetrans.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/codetrans/values.yaml b/helm-charts/codetrans/values.yaml index 79dec68a..56e81c0c 100644 --- a/helm-charts/codetrans/values.yaml +++ b/helm-charts/codetrans/values.yaml 
@@ -15,14 +15,25 @@ image: # Overrides the image tag whose default is the chart appVersion. tag: "latest" -port: 7777 -service: - type: ClusterIP - port: 7777 +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" -nginx: - service: - type: NodePort +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 securityContext: readOnlyRootFilesystem: true @@ -35,6 +46,15 @@ securityContext: seccompProfile: type: RuntimeDefault +port: 7777 +service: + type: ClusterIP + port: 7777 + +nginx: + service: + type: NodePort + nodeSelector: {} tolerations: [] diff --git a/helm-charts/docsum/templates/deployment.yaml b/helm-charts/docsum/templates/deployment.yaml index f6315d70..cc2a281a 100644 --- a/helm-charts/docsum/templates/deployment.yaml +++ b/helm-charts/docsum/templates/deployment.yaml @@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "docsum.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/docsum/templates/m2t.yaml b/helm-charts/docsum/templates/m2t.yaml index d0e6c775..897dabf8 100644 --- a/helm-charts/docsum/templates/m2t.yaml +++ b/helm-charts/docsum/templates/m2t.yaml @@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "docsum.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: 
diff --git a/helm-charts/docsum/templates/serviceaccount.yaml b/helm-charts/docsum/templates/serviceaccount.yaml new file mode 100644 index 00000000..341d015f --- /dev/null +++ b/helm-charts/docsum/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "docsum.serviceAccountName" . }} + labels: + {{- include "docsum.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/docsum/templates/v2a.yaml b/helm-charts/docsum/templates/v2a.yaml index c99fd4b3..db192bfd 100644 --- a/helm-charts/docsum/templates/v2a.yaml +++ b/helm-charts/docsum/templates/v2a.yaml @@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "docsum.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/docsum/values.yaml b/helm-charts/docsum/values.yaml index 68e29586..e24bb04d 100644 --- a/helm-charts/docsum/values.yaml +++ b/helm-charts/docsum/values.yaml 
@@ -33,14 +33,25 @@ m2t: type: ClusterIP port: 7079 -port: 8888 -service: - type: ClusterIP - port: 8888 +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" -nginx: - service: - type: NodePort +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 securityContext: readOnlyRootFilesystem: true @@ -53,6 +64,15 @@ securityContext: seccompProfile: type: RuntimeDefault +port: 8888 +service: + type: ClusterIP + port: 8888 + +nginx: + service: + type: NodePort + nodeSelector: {} tolerations: [] diff --git a/helm-charts/faqgen/templates/deployment.yaml b/helm-charts/faqgen/templates/deployment.yaml index b759c031..bd9bbcc4 100644 --- a/helm-charts/faqgen/templates/deployment.yaml +++ b/helm-charts/faqgen/templates/deployment.yaml @@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "faqgen.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/faqgen/templates/serviceaccount.yaml b/helm-charts/faqgen/templates/serviceaccount.yaml new file mode 100644 index 00000000..d00a7edb --- /dev/null +++ b/helm-charts/faqgen/templates/serviceaccount.yaml 
@@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "faqgen.serviceAccountName" . }} + labels: + {{- include "faqgen.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/faqgen/values.yaml b/helm-charts/faqgen/values.yaml index d382d7b0..359fba8a 100644 --- a/helm-charts/faqgen/values.yaml +++ b/helm-charts/faqgen/values.yaml @@ -14,14 +14,25 @@ image: # Overrides the image tag whose default is the chart appVersion. tag: "latest" -port: 8888 -service: - type: ClusterIP - port: 8888 +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" -nginx: - service: - type: NodePort +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 securityContext: readOnlyRootFilesystem: true @@ -34,6 +45,15 @@ securityContext: seccompProfile: type: RuntimeDefault +port: 8888 +service: + type: ClusterIP + port: 8888 + +nginx: + service: + type: NodePort + nodeSelector: {} tolerations: [] diff --git a/helm-charts/visualqna/templates/deployment.yaml b/helm-charts/visualqna/templates/deployment.yaml index 5ef74e99..1964fc6d 100644 --- a/helm-charts/visualqna/templates/deployment.yaml +++ b/helm-charts/visualqna/templates/deployment.yaml 
@@ -28,6 +28,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "visualqna.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm-charts/visualqna/templates/serviceaccount.yaml b/helm-charts/visualqna/templates/serviceaccount.yaml new file mode 100644 index 00000000..6447290c --- /dev/null +++ b/helm-charts/visualqna/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "visualqna.serviceAccountName" . }} + labels: + {{- include "visualqna.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm-charts/visualqna/values.yaml b/helm-charts/visualqna/values.yaml index f4a34ffd..d6bc0b46 100644 --- a/helm-charts/visualqna/values.yaml +++ b/helm-charts/visualqna/values.yaml @@ -14,13 +14,25 @@ image: # Overrides the image tag whose default is the chart appVersion. tag: "latest" -nginx: - service: - type: NodePort -port: 8888 -service: - type: ClusterIP - port: 8888 +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 securityContext: readOnlyRootFilesystem: true 
@@ -33,6 +45,14 @@ securityContext: seccompProfile: type: RuntimeDefault +nginx: + service: + type: NodePort +port: 8888 +service: + type: ClusterIP + port: 8888 + nodeSelector: {} tolerations: []