From ef720d2d6a86d24db711fcd59f9842d3f82a807d Mon Sep 17 00:00:00 2001
From: Lianhao Lu <lianhao.lu@intel.com>
Date: Thu, 28 Nov 2024 12:16:48 +0800
Subject: [PATCH 1/2] helm: Add service account support in common services
1. Add service account creation support, disabled by default.
2. Add support of sharing the same service account by setting
global.sharedSAName, disabled by default.
Signed-off-by: Lianhao Lu <lianhao.lu@intel.com>
---
helm-charts/common/agent/templates/_helpers.tpl | 4 +++-
.../common/agent/templates/deployment.yaml | 1 +
.../common/agent/templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/agent/values.yaml | 15 +++++++++++++++
helm-charts/common/asr/templates/_helpers.tpl | 4 +++-
.../common/asr/templates/deployment.yaml | 1 +
.../common/asr/templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/asr/values.yaml | 15 +++++++++++++++
.../chathistory-usvc/templates/_helpers.tpl | 4 +++-
.../chathistory-usvc/templates/deployment.yaml | 1 +
.../templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/chathistory-usvc/values.yaml | 15 +++++++++++++++
.../common/data-prep/templates/_helpers.tpl | 4 +++-
.../common/data-prep/templates/deployment.yaml | 1 +
.../data-prep/templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/data-prep/values.yaml | 15 +++++++++++++++
.../embedding-usvc/templates/_helpers.tpl | 8 +++++---
.../embedding-usvc/templates/deployment.yaml | 1 +
.../templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/embedding-usvc/values.yaml | 15 +++++++++++++++
.../common/gpt-sovits/templates/_helpers.tpl | 4 +++-
.../common/gpt-sovits/templates/deployment.yaml | 1 +
.../gpt-sovits/templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/gpt-sovits/values.yaml | 15 +++++++++++++++
.../guardrails-usvc/templates/_helpers.tpl | 4 +++-
.../guardrails-usvc/templates/deployment.yaml | 1 +
.../templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/guardrails-usvc/values.yaml | 15 +++++++++++++++
.../common/llm-uservice/templates/_helpers.tpl | 4 +++-
.../llm-uservice/templates/deployment.yaml | 1 +
.../llm-uservice/templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/llm-uservice/values.yaml | 15 +++++++++++++++
.../common/lvm-uservice/templates/_helpers.tpl | 4 +++-
.../lvm-uservice/templates/deployment.yaml | 1 +
.../lvm-uservice/templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/lvm-uservice/values.yaml | 15 +++++++++++++++
.../common/mongodb/templates/_helpers.tpl | 4 +++-
.../common/mongodb/templates/deployment.yaml | 1 +
.../mongodb/templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/mongodb/values.yaml | 17 +++++++++++++++++
.../common/prompt-usvc/templates/_helpers.tpl | 4 +++-
.../prompt-usvc/templates/deployment.yaml | 1 +
.../prompt-usvc/templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/prompt-usvc/values.yaml | 15 +++++++++++++++
.../redis-vector-db/templates/_helpers.tpl | 4 +++-
.../redis-vector-db/templates/deployment.yaml | 1 +
.../templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/redis-vector-db/values.yaml | 17 +++++++++++++++++
.../reranking-usvc/templates/_helpers.tpl | 8 +++++---
.../reranking-usvc/templates/deployment.yaml | 1 +
.../templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/reranking-usvc/values.yaml | 15 +++++++++++++++
.../retriever-usvc/templates/_helpers.tpl | 4 +++-
.../retriever-usvc/templates/deployment.yaml | 1 +
.../templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/retriever-usvc/values.yaml | 15 +++++++++++++++
.../common/speecht5/templates/_helpers.tpl | 4 +++-
.../common/speecht5/templates/deployment.yaml | 1 +
.../speecht5/templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/speecht5/values.yaml | 15 +++++++++++++++
helm-charts/common/tei/templates/_helpers.tpl | 4 +++-
.../common/tei/templates/deployment.yaml | 1 +
.../common/tei/templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/tei/values.yaml | 15 +++++++++++++++
.../common/teirerank/templates/_helpers.tpl | 4 +++-
.../common/teirerank/templates/deployment.yaml | 1 +
.../teirerank/templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/teirerank/values.yaml | 15 +++++++++++++++
helm-charts/common/tgi/templates/_helpers.tpl | 4 +++-
.../common/tgi/templates/deployment.yaml | 1 +
.../common/tgi/templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/tgi/values.yaml | 15 +++++++++++++++
helm-charts/common/tts/templates/_helpers.tpl | 4 +++-
.../common/tts/templates/deployment.yaml | 1 +
.../common/tts/templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/tts/values.yaml | 15 +++++++++++++++
helm-charts/common/ui/templates/_helpers.tpl | 4 +++-
helm-charts/common/ui/templates/deployment.yaml | 1 +
.../common/ui/templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/ui/values.yaml | 17 ++++++++++++++++-
helm-charts/common/vllm/templates/_helpers.tpl | 4 +++-
.../common/vllm/templates/deployment.yaml | 1 +
.../common/vllm/templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/vllm/values.yaml | 15 +++++++++++++++
.../common/web-retriever/templates/_helpers.tpl | 4 +++-
.../web-retriever/templates/deployment.yaml | 1 +
.../web-retriever/templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/web-retriever/values.yaml | 15 +++++++++++++++
.../common/whisper/templates/_helpers.tpl | 4 +++-
.../common/whisper/templates/deployment.yaml | 1 +
.../whisper/templates/serviceaccount.yaml | 16 ++++++++++++++++
helm-charts/common/whisper/values.yaml | 15 +++++++++++++++
92 files changed, 814 insertions(+), 28 deletions(-)
create mode 100644 helm-charts/common/agent/templates/serviceaccount.yaml
create mode 100644 helm-charts/common/asr/templates/serviceaccount.yaml
create mode 100644 helm-charts/common/chathistory-usvc/templates/serviceaccount.yaml
create mode 100644 helm-charts/common/data-prep/templates/serviceaccount.yaml
create mode 100644 helm-charts/common/embedding-usvc/templates/serviceaccount.yaml
create mode 100644 helm-charts/common/gpt-sovits/templates/serviceaccount.yaml
create mode 100644 helm-charts/common/guardrails-usvc/templates/serviceaccount.yaml
create mode 100644 helm-charts/common/llm-uservice/templates/serviceaccount.yaml
create mode 100644 helm-charts/common/lvm-uservice/templates/serviceaccount.yaml
create mode 100644 helm-charts/common/mongodb/templates/serviceaccount.yaml
create mode 100644 helm-charts/common/prompt-usvc/templates/serviceaccount.yaml
create mode 100644 helm-charts/common/redis-vector-db/templates/serviceaccount.yaml
create mode 100644 helm-charts/common/reranking-usvc/templates/serviceaccount.yaml
create mode 100644 helm-charts/common/retriever-usvc/templates/serviceaccount.yaml
create mode 100644 helm-charts/common/speecht5/templates/serviceaccount.yaml
create mode 100644 helm-charts/common/tei/templates/serviceaccount.yaml
create mode 100644 helm-charts/common/teirerank/templates/serviceaccount.yaml
create mode 100644 helm-charts/common/tgi/templates/serviceaccount.yaml
create mode 100644 helm-charts/common/tts/templates/serviceaccount.yaml
create mode 100644 helm-charts/common/ui/templates/serviceaccount.yaml
create mode 100644 helm-charts/common/vllm/templates/serviceaccount.yaml
create mode 100644 helm-charts/common/web-retriever/templates/serviceaccount.yaml
create mode 100644 helm-charts/common/whisper/templates/serviceaccount.yaml
diff --git a/helm-charts/common/agent/templates/_helpers.tpl b/helm-charts/common/agent/templates/_helpers.tpl
index 1227dfd81..65f878043 100644
--- a/helm-charts/common/agent/templates/_helpers.tpl
+++ b/helm-charts/common/agent/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "agent.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "agent.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/common/agent/templates/deployment.yaml b/helm-charts/common/agent/templates/deployment.yaml
index 12c0e00a2..dffe5ceca 100644
--- a/helm-charts/common/agent/templates/deployment.yaml
+++ b/helm-charts/common/agent/templates/deployment.yaml
@@ -25,6 +25,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "agent.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/agent/templates/serviceaccount.yaml b/helm-charts/common/agent/templates/serviceaccount.yaml
new file mode 100644
index 000000000..62b7ffca5
--- /dev/null
+++ b/helm-charts/common/agent/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "agent.serviceAccountName" . }}
+ labels:
+ {{- include "agent.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/agent/values.yaml b/helm-charts/common/agent/values.yaml
index 9d7b236d1..4e602d960 100644
--- a/helm-charts/common/agent/values.yaml
+++ b/helm-charts/common/agent/values.yaml
@@ -40,6 +40,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -105,6 +116,10 @@ global:
https_proxy: ""
no_proxy: ""
HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here"
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
# Install Prometheus serviceMonitor for service
monitoring: false
diff --git a/helm-charts/common/asr/templates/_helpers.tpl b/helm-charts/common/asr/templates/_helpers.tpl
index 62d5a0554..613ba34bb 100644
--- a/helm-charts/common/asr/templates/_helpers.tpl
+++ b/helm-charts/common/asr/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "asr.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "asr.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/common/asr/templates/deployment.yaml b/helm-charts/common/asr/templates/deployment.yaml
index 309ff56ca..0f7f6edfa 100644
--- a/helm-charts/common/asr/templates/deployment.yaml
+++ b/helm-charts/common/asr/templates/deployment.yaml
@@ -25,6 +25,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "asr.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/asr/templates/serviceaccount.yaml b/helm-charts/common/asr/templates/serviceaccount.yaml
new file mode 100644
index 000000000..7139f3e29
--- /dev/null
+++ b/helm-charts/common/asr/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "asr.serviceAccountName" . }}
+ labels:
+ {{- include "asr.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/asr/values.yaml b/helm-charts/common/asr/values.yaml
index 92728e644..b975a3c1f 100644
--- a/helm-charts/common/asr/values.yaml
+++ b/helm-charts/common/asr/values.yaml
@@ -27,6 +27,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -91,3 +102,7 @@ global:
http_proxy: ""
https_proxy: ""
no_proxy: ""
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
diff --git a/helm-charts/common/chathistory-usvc/templates/_helpers.tpl b/helm-charts/common/chathistory-usvc/templates/_helpers.tpl
index 6442c29ee..4fee343bc 100644
--- a/helm-charts/common/chathistory-usvc/templates/_helpers.tpl
+++ b/helm-charts/common/chathistory-usvc/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "chathistory-usvc.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "chathistory-usvc.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/common/chathistory-usvc/templates/deployment.yaml b/helm-charts/common/chathistory-usvc/templates/deployment.yaml
index b721318e6..73ea450ee 100644
--- a/helm-charts/common/chathistory-usvc/templates/deployment.yaml
+++ b/helm-charts/common/chathistory-usvc/templates/deployment.yaml
@@ -25,6 +25,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "chathistory-usvc.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/chathistory-usvc/templates/serviceaccount.yaml b/helm-charts/common/chathistory-usvc/templates/serviceaccount.yaml
new file mode 100644
index 000000000..576093f5e
--- /dev/null
+++ b/helm-charts/common/chathistory-usvc/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "chathistory-usvc.serviceAccountName" . }}
+ labels:
+ {{- include "chathistory-usvc.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/chathistory-usvc/values.yaml b/helm-charts/common/chathistory-usvc/values.yaml
index d5f2faa92..17cf7b22a 100644
--- a/helm-charts/common/chathistory-usvc/values.yaml
+++ b/helm-charts/common/chathistory-usvc/values.yaml
@@ -21,6 +21,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -94,3 +105,7 @@ global:
http_proxy: ""
https_proxy: ""
no_proxy: ""
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
diff --git a/helm-charts/common/data-prep/templates/_helpers.tpl b/helm-charts/common/data-prep/templates/_helpers.tpl
index 8d2062396..5ccc04bd8 100644
--- a/helm-charts/common/data-prep/templates/_helpers.tpl
+++ b/helm-charts/common/data-prep/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "data-prep.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "data-prep.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/common/data-prep/templates/deployment.yaml b/helm-charts/common/data-prep/templates/deployment.yaml
index 30faff173..fef104017 100644
--- a/helm-charts/common/data-prep/templates/deployment.yaml
+++ b/helm-charts/common/data-prep/templates/deployment.yaml
@@ -25,6 +25,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "data-prep.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/data-prep/templates/serviceaccount.yaml b/helm-charts/common/data-prep/templates/serviceaccount.yaml
new file mode 100644
index 000000000..55b877801
--- /dev/null
+++ b/helm-charts/common/data-prep/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "data-prep.serviceAccountName" . }}
+ labels:
+ {{- include "data-prep.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/data-prep/values.yaml b/helm-charts/common/data-prep/values.yaml
index e35274fcb..a8f1327c1 100644
--- a/helm-charts/common/data-prep/values.yaml
+++ b/helm-charts/common/data-prep/values.yaml
@@ -25,6 +25,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -113,3 +124,7 @@ global:
https_proxy: ""
no_proxy: ""
HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here"
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
diff --git a/helm-charts/common/embedding-usvc/templates/_helpers.tpl b/helm-charts/common/embedding-usvc/templates/_helpers.tpl
index 229f1a5b5..5195c4cd1 100644
--- a/helm-charts/common/embedding-usvc/templates/_helpers.tpl
+++ b/helm-charts/common/embedding-usvc/templates/_helpers.tpl
@@ -53,9 +53,11 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{/*
Create the name of the service account to use
*/}}
-{{- define "llm-uservice.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "llm-uservice.fullname" .) .Values.serviceAccount.name }}
+{{- define "embedding-usvc.serviceAccountName" -}}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
+{{- default (include "embedding-usvc.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
diff --git a/helm-charts/common/embedding-usvc/templates/deployment.yaml b/helm-charts/common/embedding-usvc/templates/deployment.yaml
index 67b2fae99..459389518 100644
--- a/helm-charts/common/embedding-usvc/templates/deployment.yaml
+++ b/helm-charts/common/embedding-usvc/templates/deployment.yaml
@@ -25,6 +25,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "embedding-usvc.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/embedding-usvc/templates/serviceaccount.yaml b/helm-charts/common/embedding-usvc/templates/serviceaccount.yaml
new file mode 100644
index 000000000..0cd59bab4
--- /dev/null
+++ b/helm-charts/common/embedding-usvc/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "embedding-usvc.serviceAccountName" . }}
+ labels:
+ {{- include "embedding-usvc.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/embedding-usvc/values.yaml b/helm-charts/common/embedding-usvc/values.yaml
index 66f79d789..a4a36f8ab 100644
--- a/helm-charts/common/embedding-usvc/values.yaml
+++ b/helm-charts/common/embedding-usvc/values.yaml
@@ -26,6 +26,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -90,6 +101,10 @@ global:
http_proxy: ""
https_proxy: ""
no_proxy: ""
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
# Install Prometheus serviceMonitor for service
monitoring: false
diff --git a/helm-charts/common/gpt-sovits/templates/_helpers.tpl b/helm-charts/common/gpt-sovits/templates/_helpers.tpl
index f42c32caa..225fbc2ed 100644
--- a/helm-charts/common/gpt-sovits/templates/_helpers.tpl
+++ b/helm-charts/common/gpt-sovits/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "gpt-sovits.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "gpt-sovits.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/common/gpt-sovits/templates/deployment.yaml b/helm-charts/common/gpt-sovits/templates/deployment.yaml
index d5d6e9d90..36da72b47 100644
--- a/helm-charts/common/gpt-sovits/templates/deployment.yaml
+++ b/helm-charts/common/gpt-sovits/templates/deployment.yaml
@@ -25,6 +25,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "gpt-sovits.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/gpt-sovits/templates/serviceaccount.yaml b/helm-charts/common/gpt-sovits/templates/serviceaccount.yaml
new file mode 100644
index 000000000..092ce54c7
--- /dev/null
+++ b/helm-charts/common/gpt-sovits/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "gpt-sovits.serviceAccountName" . }}
+ labels:
+ {{- include "gpt-sovits.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/gpt-sovits/values.yaml b/helm-charts/common/gpt-sovits/values.yaml
index d5cff30d7..52fbf83cc 100644
--- a/helm-charts/common/gpt-sovits/values.yaml
+++ b/helm-charts/common/gpt-sovits/values.yaml
@@ -18,6 +18,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -81,3 +92,7 @@ global:
http_proxy: ""
https_proxy: ""
no_proxy: ""
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
diff --git a/helm-charts/common/guardrails-usvc/templates/_helpers.tpl b/helm-charts/common/guardrails-usvc/templates/_helpers.tpl
index 088f88455..b08af6c49 100644
--- a/helm-charts/common/guardrails-usvc/templates/_helpers.tpl
+++ b/helm-charts/common/guardrails-usvc/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "guardrails-usvc.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "guardrails-usvc.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/common/guardrails-usvc/templates/deployment.yaml b/helm-charts/common/guardrails-usvc/templates/deployment.yaml
index bebf86e59..a551d521c 100644
--- a/helm-charts/common/guardrails-usvc/templates/deployment.yaml
+++ b/helm-charts/common/guardrails-usvc/templates/deployment.yaml
@@ -25,6 +25,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "guardrails-usvc.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/guardrails-usvc/templates/serviceaccount.yaml b/helm-charts/common/guardrails-usvc/templates/serviceaccount.yaml
new file mode 100644
index 000000000..33bba3251
--- /dev/null
+++ b/helm-charts/common/guardrails-usvc/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "guardrails-usvc.serviceAccountName" . }}
+ labels:
+ {{- include "guardrails-usvc.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/guardrails-usvc/values.yaml b/helm-charts/common/guardrails-usvc/values.yaml
index 56a0cc6d4..eb75b7e2a 100644
--- a/helm-charts/common/guardrails-usvc/values.yaml
+++ b/helm-charts/common/guardrails-usvc/values.yaml
@@ -30,6 +30,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -94,3 +105,7 @@ global:
https_proxy: ""
no_proxy: ""
HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here"
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
diff --git a/helm-charts/common/llm-uservice/templates/_helpers.tpl b/helm-charts/common/llm-uservice/templates/_helpers.tpl
index d67db64c2..17552964a 100644
--- a/helm-charts/common/llm-uservice/templates/_helpers.tpl
+++ b/helm-charts/common/llm-uservice/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "llm-uservice.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "llm-uservice.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/common/llm-uservice/templates/deployment.yaml b/helm-charts/common/llm-uservice/templates/deployment.yaml
index dfa4e6022..ae7778c75 100644
--- a/helm-charts/common/llm-uservice/templates/deployment.yaml
+++ b/helm-charts/common/llm-uservice/templates/deployment.yaml
@@ -25,6 +25,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "llm-uservice.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/llm-uservice/templates/serviceaccount.yaml b/helm-charts/common/llm-uservice/templates/serviceaccount.yaml
new file mode 100644
index 000000000..dab76a7ba
--- /dev/null
+++ b/helm-charts/common/llm-uservice/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "llm-uservice.serviceAccountName" . }}
+ labels:
+ {{- include "llm-uservice.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/llm-uservice/values.yaml b/helm-charts/common/llm-uservice/values.yaml
index 8908bb74c..84ae7d32a 100644
--- a/helm-charts/common/llm-uservice/values.yaml
+++ b/helm-charts/common/llm-uservice/values.yaml
@@ -32,6 +32,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -97,6 +108,10 @@ global:
https_proxy: ""
no_proxy: ""
HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here"
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
# Install Prometheus serviceMonitor for service
monitoring: false
diff --git a/helm-charts/common/lvm-uservice/templates/_helpers.tpl b/helm-charts/common/lvm-uservice/templates/_helpers.tpl
index 86c26b0e6..abacefb88 100644
--- a/helm-charts/common/lvm-uservice/templates/_helpers.tpl
+++ b/helm-charts/common/lvm-uservice/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "lvm-uservice.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "lvm-uservice.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/common/lvm-uservice/templates/deployment.yaml b/helm-charts/common/lvm-uservice/templates/deployment.yaml
index c276087d6..8f6698f42 100644
--- a/helm-charts/common/lvm-uservice/templates/deployment.yaml
+++ b/helm-charts/common/lvm-uservice/templates/deployment.yaml
@@ -25,6 +25,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "lvm-uservice.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/lvm-uservice/templates/serviceaccount.yaml b/helm-charts/common/lvm-uservice/templates/serviceaccount.yaml
new file mode 100644
index 000000000..b21176e8a
--- /dev/null
+++ b/helm-charts/common/lvm-uservice/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "lvm-uservice.serviceAccountName" . }}
+ labels:
+ {{- include "lvm-uservice.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/lvm-uservice/values.yaml b/helm-charts/common/lvm-uservice/values.yaml
index 75188a7e0..176c20876 100644
--- a/helm-charts/common/lvm-uservice/values.yaml
+++ b/helm-charts/common/lvm-uservice/values.yaml
@@ -29,6 +29,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -94,6 +105,10 @@ global:
https_proxy: ""
no_proxy: ""
HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here"
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
# Install Prometheus serviceMonitor for service
monitoring: false
diff --git a/helm-charts/common/mongodb/templates/_helpers.tpl b/helm-charts/common/mongodb/templates/_helpers.tpl
index 6b1b8c179..b89a52b88 100644
--- a/helm-charts/common/mongodb/templates/_helpers.tpl
+++ b/helm-charts/common/mongodb/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "mongodb.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "mongodb.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/common/mongodb/templates/deployment.yaml b/helm-charts/common/mongodb/templates/deployment.yaml
index 4fca11ffd..d1666a395 100644
--- a/helm-charts/common/mongodb/templates/deployment.yaml
+++ b/helm-charts/common/mongodb/templates/deployment.yaml
@@ -25,6 +25,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "mongodb.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/mongodb/templates/serviceaccount.yaml b/helm-charts/common/mongodb/templates/serviceaccount.yaml
new file mode 100644
index 000000000..f7841e15e
--- /dev/null
+++ b/helm-charts/common/mongodb/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "mongodb.serviceAccountName" . }}
+ labels:
+ {{- include "mongodb.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/mongodb/values.yaml b/helm-charts/common/mongodb/values.yaml
index cb38a714d..43e51b7d5 100644
--- a/helm-charts/common/mongodb/values.yaml
+++ b/helm-charts/common/mongodb/values.yaml
@@ -17,6 +17,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -60,3 +71,9 @@ nodeSelector: {}
tolerations: []
affinity: {}
+
+global:
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
diff --git a/helm-charts/common/prompt-usvc/templates/_helpers.tpl b/helm-charts/common/prompt-usvc/templates/_helpers.tpl
index 147787115..da47665fc 100644
--- a/helm-charts/common/prompt-usvc/templates/_helpers.tpl
+++ b/helm-charts/common/prompt-usvc/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "prompt-usvc.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "prompt-usvc.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/common/prompt-usvc/templates/deployment.yaml b/helm-charts/common/prompt-usvc/templates/deployment.yaml
index 836668384..ca900b554 100644
--- a/helm-charts/common/prompt-usvc/templates/deployment.yaml
+++ b/helm-charts/common/prompt-usvc/templates/deployment.yaml
@@ -25,6 +25,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "prompt-usvc.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/prompt-usvc/templates/serviceaccount.yaml b/helm-charts/common/prompt-usvc/templates/serviceaccount.yaml
new file mode 100644
index 000000000..4cef0323d
--- /dev/null
+++ b/helm-charts/common/prompt-usvc/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "prompt-usvc.serviceAccountName" . }}
+ labels:
+ {{- include "prompt-usvc.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/prompt-usvc/values.yaml b/helm-charts/common/prompt-usvc/values.yaml
index a475e6f5e..82562fca4 100644
--- a/helm-charts/common/prompt-usvc/values.yaml
+++ b/helm-charts/common/prompt-usvc/values.yaml
@@ -21,6 +21,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -97,3 +108,7 @@ global:
http_proxy: ""
https_proxy: ""
no_proxy: ""
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
diff --git a/helm-charts/common/redis-vector-db/templates/_helpers.tpl b/helm-charts/common/redis-vector-db/templates/_helpers.tpl
index f8f7a65da..96fffe220 100644
--- a/helm-charts/common/redis-vector-db/templates/_helpers.tpl
+++ b/helm-charts/common/redis-vector-db/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "redis-vector-db.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "redis-vector-db.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/common/redis-vector-db/templates/deployment.yaml b/helm-charts/common/redis-vector-db/templates/deployment.yaml
index d4fc692b6..427e9e996 100644
--- a/helm-charts/common/redis-vector-db/templates/deployment.yaml
+++ b/helm-charts/common/redis-vector-db/templates/deployment.yaml
@@ -25,6 +25,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "redis-vector-db.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/redis-vector-db/templates/serviceaccount.yaml b/helm-charts/common/redis-vector-db/templates/serviceaccount.yaml
new file mode 100644
index 000000000..4b42a96f1
--- /dev/null
+++ b/helm-charts/common/redis-vector-db/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "redis-vector-db.serviceAccountName" . }}
+ labels:
+ {{- include "redis-vector-db.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/redis-vector-db/values.yaml b/helm-charts/common/redis-vector-db/values.yaml
index d07339c3d..26a851283 100644
--- a/helm-charts/common/redis-vector-db/values.yaml
+++ b/helm-charts/common/redis-vector-db/values.yaml
@@ -17,6 +17,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -61,3 +72,9 @@ nodeSelector: {}
tolerations: []
affinity: {}
+
+global:
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
diff --git a/helm-charts/common/reranking-usvc/templates/_helpers.tpl b/helm-charts/common/reranking-usvc/templates/_helpers.tpl
index 9247fe13b..1bc450a84 100644
--- a/helm-charts/common/reranking-usvc/templates/_helpers.tpl
+++ b/helm-charts/common/reranking-usvc/templates/_helpers.tpl
@@ -53,9 +53,11 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{/*
Create the name of the service account to use
*/}}
-{{- define "llm-uservice.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "llm-uservice.fullname" .) .Values.serviceAccount.name }}
+{{- define "reranking-usvc.serviceAccountName" -}}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
+{{- default (include "reranking-usvc.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
diff --git a/helm-charts/common/reranking-usvc/templates/deployment.yaml b/helm-charts/common/reranking-usvc/templates/deployment.yaml
index 50abfc5a0..192016eca 100644
--- a/helm-charts/common/reranking-usvc/templates/deployment.yaml
+++ b/helm-charts/common/reranking-usvc/templates/deployment.yaml
@@ -25,6 +25,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "reranking-usvc.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/reranking-usvc/templates/serviceaccount.yaml b/helm-charts/common/reranking-usvc/templates/serviceaccount.yaml
new file mode 100644
index 000000000..47aa7fdb0
--- /dev/null
+++ b/helm-charts/common/reranking-usvc/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "reranking-usvc.serviceAccountName" . }}
+ labels:
+ {{- include "reranking-usvc.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/reranking-usvc/values.yaml b/helm-charts/common/reranking-usvc/values.yaml
index 924815ff7..c1b28a8a6 100644
--- a/helm-charts/common/reranking-usvc/values.yaml
+++ b/helm-charts/common/reranking-usvc/values.yaml
@@ -26,6 +26,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -90,6 +101,10 @@ global:
http_proxy: ""
https_proxy: ""
no_proxy: ""
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
# Install Prometheus serviceMonitor for service
monitoring: false
diff --git a/helm-charts/common/retriever-usvc/templates/_helpers.tpl b/helm-charts/common/retriever-usvc/templates/_helpers.tpl
index 18c740303..a41c15c2e 100644
--- a/helm-charts/common/retriever-usvc/templates/_helpers.tpl
+++ b/helm-charts/common/retriever-usvc/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "retriever-usvc.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "retriever-usvc.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/common/retriever-usvc/templates/deployment.yaml b/helm-charts/common/retriever-usvc/templates/deployment.yaml
index b491b5d4d..f3914745f 100644
--- a/helm-charts/common/retriever-usvc/templates/deployment.yaml
+++ b/helm-charts/common/retriever-usvc/templates/deployment.yaml
@@ -25,6 +25,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "retriever-usvc.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/retriever-usvc/templates/serviceaccount.yaml b/helm-charts/common/retriever-usvc/templates/serviceaccount.yaml
new file mode 100644
index 000000000..017a456b8
--- /dev/null
+++ b/helm-charts/common/retriever-usvc/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "retriever-usvc.serviceAccountName" . }}
+ labels:
+ {{- include "retriever-usvc.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/retriever-usvc/values.yaml b/helm-charts/common/retriever-usvc/values.yaml
index 568f2c3f0..0e2540d63 100644
--- a/helm-charts/common/retriever-usvc/values.yaml
+++ b/helm-charts/common/retriever-usvc/values.yaml
@@ -35,6 +35,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -108,6 +119,10 @@ global:
https_proxy: ""
no_proxy: ""
HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here"
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
# Install Prometheus serviceMonitor for service
monitoring: false
diff --git a/helm-charts/common/speecht5/templates/_helpers.tpl b/helm-charts/common/speecht5/templates/_helpers.tpl
index 7db4f3fd2..8250fdbe6 100644
--- a/helm-charts/common/speecht5/templates/_helpers.tpl
+++ b/helm-charts/common/speecht5/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "speecht5.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "speecht5.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/common/speecht5/templates/deployment.yaml b/helm-charts/common/speecht5/templates/deployment.yaml
index 6b5976b84..e0ea6538b 100644
--- a/helm-charts/common/speecht5/templates/deployment.yaml
+++ b/helm-charts/common/speecht5/templates/deployment.yaml
@@ -25,6 +25,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "speecht5.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/speecht5/templates/serviceaccount.yaml b/helm-charts/common/speecht5/templates/serviceaccount.yaml
new file mode 100644
index 000000000..4a7ccc833
--- /dev/null
+++ b/helm-charts/common/speecht5/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "speecht5.serviceAccountName" . }}
+ labels:
+ {{- include "speecht5.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/speecht5/values.yaml b/helm-charts/common/speecht5/values.yaml
index 96a8e452a..4b8fd6eba 100644
--- a/helm-charts/common/speecht5/values.yaml
+++ b/helm-charts/common/speecht5/values.yaml
@@ -21,6 +21,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -85,6 +96,10 @@ global:
http_proxy: ""
https_proxy: ""
no_proxy: ""
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
# Choose where to save your downloaded models
# Set modelUseHostPath for local directory, this is good for one node test. Example:
diff --git a/helm-charts/common/tei/templates/_helpers.tpl b/helm-charts/common/tei/templates/_helpers.tpl
index fc4a57438..b2ae98152 100644
--- a/helm-charts/common/tei/templates/_helpers.tpl
+++ b/helm-charts/common/tei/templates/_helpers.tpl
@@ -61,7 +61,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "tei.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "tei.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/common/tei/templates/deployment.yaml b/helm-charts/common/tei/templates/deployment.yaml
index 442847df5..0d10c0156 100644
--- a/helm-charts/common/tei/templates/deployment.yaml
+++ b/helm-charts/common/tei/templates/deployment.yaml
@@ -28,6 +28,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "tei.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/tei/templates/serviceaccount.yaml b/helm-charts/common/tei/templates/serviceaccount.yaml
new file mode 100644
index 000000000..ec6ef3779
--- /dev/null
+++ b/helm-charts/common/tei/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "tei.serviceAccountName" . }}
+ labels:
+ {{- include "tei.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/tei/values.yaml b/helm-charts/common/tei/values.yaml
index 44460a359..9d6193879 100644
--- a/helm-charts/common/tei/values.yaml
+++ b/helm-charts/common/tei/values.yaml
@@ -35,6 +35,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -99,6 +110,10 @@ global:
http_proxy: ""
https_proxy: ""
no_proxy: ""
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
# Choose where to save your downloaded models
# Set modelUseHostPath for local directory, this is good for one node test. Example:
diff --git a/helm-charts/common/teirerank/templates/_helpers.tpl b/helm-charts/common/teirerank/templates/_helpers.tpl
index 0c0b9238f..e6dca1a93 100644
--- a/helm-charts/common/teirerank/templates/_helpers.tpl
+++ b/helm-charts/common/teirerank/templates/_helpers.tpl
@@ -61,7 +61,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "teirerank.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "teirerank.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/common/teirerank/templates/deployment.yaml b/helm-charts/common/teirerank/templates/deployment.yaml
index 2d0ec9992..bb8438898 100644
--- a/helm-charts/common/teirerank/templates/deployment.yaml
+++ b/helm-charts/common/teirerank/templates/deployment.yaml
@@ -28,6 +28,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "teirerank.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/teirerank/templates/serviceaccount.yaml b/helm-charts/common/teirerank/templates/serviceaccount.yaml
new file mode 100644
index 000000000..490f147d7
--- /dev/null
+++ b/helm-charts/common/teirerank/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "teirerank.serviceAccountName" . }}
+ labels:
+ {{- include "teirerank.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/teirerank/values.yaml b/helm-charts/common/teirerank/values.yaml
index 4d0dedf29..1b54d5ae3 100644
--- a/helm-charts/common/teirerank/values.yaml
+++ b/helm-charts/common/teirerank/values.yaml
@@ -35,6 +35,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -99,6 +110,10 @@ global:
http_proxy: ""
https_proxy: ""
no_proxy: ""
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
# Choose where to save your downloaded models
# Set modelUseHostPath for local directory, this is good for one node test. Example:
diff --git a/helm-charts/common/tgi/templates/_helpers.tpl b/helm-charts/common/tgi/templates/_helpers.tpl
index b672e8309..746328c28 100644
--- a/helm-charts/common/tgi/templates/_helpers.tpl
+++ b/helm-charts/common/tgi/templates/_helpers.tpl
@@ -61,7 +61,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "tgi.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "tgi.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/common/tgi/templates/deployment.yaml b/helm-charts/common/tgi/templates/deployment.yaml
index 04436e613..2411a5b6e 100644
--- a/helm-charts/common/tgi/templates/deployment.yaml
+++ b/helm-charts/common/tgi/templates/deployment.yaml
@@ -28,6 +28,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "tgi.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/tgi/templates/serviceaccount.yaml b/helm-charts/common/tgi/templates/serviceaccount.yaml
new file mode 100644
index 000000000..bf0bf0d7b
--- /dev/null
+++ b/helm-charts/common/tgi/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "tgi.serviceAccountName" . }}
+ labels:
+ {{- include "tgi.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/tgi/values.yaml b/helm-charts/common/tgi/values.yaml
index d58db193a..827138d05 100644
--- a/helm-charts/common/tgi/values.yaml
+++ b/helm-charts/common/tgi/values.yaml
@@ -36,6 +36,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -129,6 +140,10 @@ global:
https_proxy: ""
no_proxy: ""
HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here"
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
# Choose where to save your downloaded models
# Set modelUseHostPath for local directory, this is good for one node test. Example:
diff --git a/helm-charts/common/tts/templates/_helpers.tpl b/helm-charts/common/tts/templates/_helpers.tpl
index 22b5e576a..4ae1516b6 100644
--- a/helm-charts/common/tts/templates/_helpers.tpl
+++ b/helm-charts/common/tts/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "tts.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "tts.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/common/tts/templates/deployment.yaml b/helm-charts/common/tts/templates/deployment.yaml
index 26da197a1..b00631955 100644
--- a/helm-charts/common/tts/templates/deployment.yaml
+++ b/helm-charts/common/tts/templates/deployment.yaml
@@ -25,6 +25,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "tts.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/tts/templates/serviceaccount.yaml b/helm-charts/common/tts/templates/serviceaccount.yaml
new file mode 100644
index 000000000..b9b47132a
--- /dev/null
+++ b/helm-charts/common/tts/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "tts.serviceAccountName" . }}
+ labels:
+ {{- include "tts.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/tts/values.yaml b/helm-charts/common/tts/values.yaml
index 39214480c..ca465dfcb 100644
--- a/helm-charts/common/tts/values.yaml
+++ b/helm-charts/common/tts/values.yaml
@@ -27,6 +27,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -91,3 +102,7 @@ global:
http_proxy: ""
https_proxy: ""
no_proxy: ""
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
diff --git a/helm-charts/common/ui/templates/_helpers.tpl b/helm-charts/common/ui/templates/_helpers.tpl
index 07e404849..9ba7cbc64 100644
--- a/helm-charts/common/ui/templates/_helpers.tpl
+++ b/helm-charts/common/ui/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "ui.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "ui.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/common/ui/templates/deployment.yaml b/helm-charts/common/ui/templates/deployment.yaml
index 5bf8231bb..44a3299f8 100644
--- a/helm-charts/common/ui/templates/deployment.yaml
+++ b/helm-charts/common/ui/templates/deployment.yaml
@@ -25,6 +25,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "ui.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/ui/templates/serviceaccount.yaml b/helm-charts/common/ui/templates/serviceaccount.yaml
new file mode 100644
index 000000000..bcd96626c
--- /dev/null
+++ b/helm-charts/common/ui/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "ui.serviceAccountName" . }}
+ labels:
+ {{- include "ui.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/ui/values.yaml b/helm-charts/common/ui/values.yaml
index 4e0beddf4..793f19453 100644
--- a/helm-charts/common/ui/values.yaml
+++ b/helm-charts/common/ui/values.yaml
@@ -18,6 +18,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -96,4 +107,8 @@ DATAPREP_GET_FILE_ENDPOINT: "/v1/dataprep/get_file"
# data preparation delete file service URL, default to Mega data preparation service
DATAPREP_DELETE_FILE_ENDPOINT: "/v1/dataprep/delete_file"
-global: {}
+global:
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
diff --git a/helm-charts/common/vllm/templates/_helpers.tpl b/helm-charts/common/vllm/templates/_helpers.tpl
index 41b1f8d66..63ec9e61d 100644
--- a/helm-charts/common/vllm/templates/_helpers.tpl
+++ b/helm-charts/common/vllm/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "vllm.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "vllm.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/common/vllm/templates/deployment.yaml b/helm-charts/common/vllm/templates/deployment.yaml
index 66b5e3722..63aba08ff 100644
--- a/helm-charts/common/vllm/templates/deployment.yaml
+++ b/helm-charts/common/vllm/templates/deployment.yaml
@@ -25,6 +25,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "vllm.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/vllm/templates/serviceaccount.yaml b/helm-charts/common/vllm/templates/serviceaccount.yaml
new file mode 100644
index 000000000..b5f231597
--- /dev/null
+++ b/helm-charts/common/vllm/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "vllm.serviceAccountName" . }}
+ labels:
+ {{- include "vllm.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/vllm/values.yaml b/helm-charts/common/vllm/values.yaml
index fb599ccd3..c8958e3e0 100644
--- a/helm-charts/common/vllm/values.yaml
+++ b/helm-charts/common/vllm/values.yaml
@@ -20,6 +20,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -88,6 +99,10 @@ global:
https_proxy: ""
no_proxy: ""
HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here"
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
# Choose where to save your downloaded models
# Set modelUseHostPath for local directory, this is good for one node test. Example:
diff --git a/helm-charts/common/web-retriever/templates/_helpers.tpl b/helm-charts/common/web-retriever/templates/_helpers.tpl
index 1bdb3e1b2..de5b570c8 100644
--- a/helm-charts/common/web-retriever/templates/_helpers.tpl
+++ b/helm-charts/common/web-retriever/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "web-retriever.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "web-retriever.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/common/web-retriever/templates/deployment.yaml b/helm-charts/common/web-retriever/templates/deployment.yaml
index 307206d3b..25b01790a 100644
--- a/helm-charts/common/web-retriever/templates/deployment.yaml
+++ b/helm-charts/common/web-retriever/templates/deployment.yaml
@@ -25,6 +25,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "web-retriever.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/web-retriever/templates/serviceaccount.yaml b/helm-charts/common/web-retriever/templates/serviceaccount.yaml
new file mode 100644
index 000000000..1e8065bb2
--- /dev/null
+++ b/helm-charts/common/web-retriever/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "web-retriever.serviceAccountName" . }}
+ labels:
+ {{- include "web-retriever.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/web-retriever/values.yaml b/helm-charts/common/web-retriever/values.yaml
index e3d254476..12aba2905 100644
--- a/helm-charts/common/web-retriever/values.yaml
+++ b/helm-charts/common/web-retriever/values.yaml
@@ -29,6 +29,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -93,3 +104,7 @@ global:
http_proxy: ""
https_proxy: ""
no_proxy: ""
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
diff --git a/helm-charts/common/whisper/templates/_helpers.tpl b/helm-charts/common/whisper/templates/_helpers.tpl
index 264e205a4..8c98682c3 100644
--- a/helm-charts/common/whisper/templates/_helpers.tpl
+++ b/helm-charts/common/whisper/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "whisper.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "whisper.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/common/whisper/templates/deployment.yaml b/helm-charts/common/whisper/templates/deployment.yaml
index c5d79899c..66b31dd37 100644
--- a/helm-charts/common/whisper/templates/deployment.yaml
+++ b/helm-charts/common/whisper/templates/deployment.yaml
@@ -25,6 +25,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "whisper.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/common/whisper/templates/serviceaccount.yaml b/helm-charts/common/whisper/templates/serviceaccount.yaml
new file mode 100644
index 000000000..427f274ba
--- /dev/null
+++ b/helm-charts/common/whisper/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "whisper.serviceAccountName" . }}
+ labels:
+ {{- include "whisper.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/common/whisper/values.yaml b/helm-charts/common/whisper/values.yaml
index c368fe669..680dc3c57 100644
--- a/helm-charts/common/whisper/values.yaml
+++ b/helm-charts/common/whisper/values.yaml
@@ -20,6 +20,17 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
podAnnotations: {}
podSecurityContext: {}
@@ -84,6 +95,10 @@ global:
http_proxy: ""
https_proxy: ""
no_proxy: ""
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: ""
# Choose where to save your downloaded models
# Set modelUseHostPath for local directory, this is good for one node test. Example:
From b33728742663941c28a08e560d0f63a532b9555e Mon Sep 17 00:00:00 2001
From: Lianhao Lu <lianhao.lu@intel.com>
Date: Thu, 28 Nov 2024 14:00:17 +0800
Subject: [PATCH 2/2] helm: Add service account support in e2e charts
1. Add service account creation support, enabled by default.
2. Add support of sharing the same service account by setting
global.sharedSAName, enabled by default.
Signed-off-by: Lianhao Lu <lianhao.lu@intel.com>
---
helm-charts/agentqna/templates/_helpers.tpl | 4 +-
helm-charts/agentqna/templates/crag.yaml | 1 +
.../agentqna/templates/docretriever.yaml | 1 +
.../agentqna/templates/serviceaccount.yaml | 16 ++++++++
helm-charts/agentqna/values.yaml | 24 +++++++++++
helm-charts/audioqna/templates/_helpers.tpl | 4 +-
.../audioqna/templates/deployment.yaml | 1 +
.../audioqna/templates/serviceaccount.yaml | 16 ++++++++
helm-charts/audioqna/values.yaml | 38 ++++++++++++++----
helm-charts/chatqna/templates/_helpers.tpl | 4 +-
helm-charts/chatqna/templates/deployment.yaml | 1 +
.../chatqna/templates/serviceaccount.yaml | 16 ++++++++
helm-charts/chatqna/values.yaml | 40 +++++++++++++++----
helm-charts/codegen/templates/_helpers.tpl | 4 +-
helm-charts/codegen/templates/deployment.yaml | 1 +
.../codegen/templates/serviceaccount.yaml | 16 ++++++++
helm-charts/codegen/values.yaml | 38 ++++++++++++++----
helm-charts/codetrans/templates/_helpers.tpl | 4 +-
.../codetrans/templates/deployment.yaml | 1 +
.../codetrans/templates/serviceaccount.yaml | 16 ++++++++
helm-charts/codetrans/values.yaml | 38 ++++++++++++++----
helm-charts/docsum/templates/_helpers.tpl | 4 +-
helm-charts/docsum/templates/deployment.yaml | 1 +
helm-charts/docsum/templates/m2t.yaml | 1 +
.../docsum/templates/serviceaccount.yaml | 16 ++++++++
helm-charts/docsum/templates/v2a.yaml | 1 +
helm-charts/docsum/values.yaml | 38 ++++++++++++++----
helm-charts/faqgen/templates/_helpers.tpl | 4 +-
helm-charts/faqgen/templates/deployment.yaml | 1 +
.../faqgen/templates/serviceaccount.yaml | 16 ++++++++
helm-charts/faqgen/values.yaml | 38 ++++++++++++++----
helm-charts/visualqna/templates/_helpers.tpl | 4 +-
.../visualqna/templates/deployment.yaml | 1 +
.../visualqna/templates/serviceaccount.yaml | 16 ++++++++
helm-charts/visualqna/values.yaml | 38 ++++++++++++++----
35 files changed, 405 insertions(+), 58 deletions(-)
create mode 100644 helm-charts/agentqna/templates/serviceaccount.yaml
create mode 100644 helm-charts/audioqna/templates/serviceaccount.yaml
create mode 100644 helm-charts/chatqna/templates/serviceaccount.yaml
create mode 100644 helm-charts/codegen/templates/serviceaccount.yaml
create mode 100644 helm-charts/codetrans/templates/serviceaccount.yaml
create mode 100644 helm-charts/docsum/templates/serviceaccount.yaml
create mode 100644 helm-charts/faqgen/templates/serviceaccount.yaml
create mode 100644 helm-charts/visualqna/templates/serviceaccount.yaml
diff --git a/helm-charts/agentqna/templates/_helpers.tpl b/helm-charts/agentqna/templates/_helpers.tpl
index aee028e15..1ce711ff7 100644
--- a/helm-charts/agentqna/templates/_helpers.tpl
+++ b/helm-charts/agentqna/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "agentqna.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "agentqna.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/agentqna/templates/crag.yaml b/helm-charts/agentqna/templates/crag.yaml
index c6449c289..94d3c8fa7 100644
--- a/helm-charts/agentqna/templates/crag.yaml
+++ b/helm-charts/agentqna/templates/crag.yaml
@@ -28,6 +28,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "agentqna.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/agentqna/templates/docretriever.yaml b/helm-charts/agentqna/templates/docretriever.yaml
index 45c13e29c..4bc30e07c 100644
--- a/helm-charts/agentqna/templates/docretriever.yaml
+++ b/helm-charts/agentqna/templates/docretriever.yaml
@@ -28,6 +28,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "agentqna.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/agentqna/templates/serviceaccount.yaml b/helm-charts/agentqna/templates/serviceaccount.yaml
new file mode 100644
index 000000000..a04ff655f
--- /dev/null
+++ b/helm-charts/agentqna/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "agentqna.serviceAccountName" . }}
+ labels:
+ {{- include "agentqna.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/agentqna/values.yaml b/helm-charts/agentqna/values.yaml
index 64fa95cea..ae85c6224 100644
--- a/helm-charts/agentqna/values.yaml
+++ b/helm-charts/agentqna/values.yaml
@@ -7,6 +7,26 @@
replicaCount: 1
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
securityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
@@ -102,6 +122,10 @@ global:
https_proxy: ""
no_proxy: ""
HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here"
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: "agentqna"
# set modelUseHostPath or modelUsePVC to use model cache.
modelUseHostPath: ""
# modelUseHostPath: /mnt/opea-models
diff --git a/helm-charts/audioqna/templates/_helpers.tpl b/helm-charts/audioqna/templates/_helpers.tpl
index cf5a0e50d..a9bcd9f82 100644
--- a/helm-charts/audioqna/templates/_helpers.tpl
+++ b/helm-charts/audioqna/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "audioqna.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "audioqna.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/audioqna/templates/deployment.yaml b/helm-charts/audioqna/templates/deployment.yaml
index 3f4ffd6b9..4282fc304 100644
--- a/helm-charts/audioqna/templates/deployment.yaml
+++ b/helm-charts/audioqna/templates/deployment.yaml
@@ -28,6 +28,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "audioqna.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/audioqna/templates/serviceaccount.yaml b/helm-charts/audioqna/templates/serviceaccount.yaml
new file mode 100644
index 000000000..dea9789a3
--- /dev/null
+++ b/helm-charts/audioqna/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "audioqna.serviceAccountName" . }}
+ labels:
+ {{- include "audioqna.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/audioqna/values.yaml b/helm-charts/audioqna/values.yaml
index e6f5c783e..8ea01bb44 100644
--- a/helm-charts/audioqna/values.yaml
+++ b/helm-charts/audioqna/values.yaml
@@ -14,14 +14,25 @@ image:
# Overrides the image tag whose default is the chart appVersion.
tag: "latest"
-port: 8888
-service:
- type: ClusterIP
- port: 3008
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
-nginx:
- service:
- type: NodePort
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
securityContext:
readOnlyRootFilesystem: true
@@ -34,6 +45,15 @@ securityContext:
seccompProfile:
type: RuntimeDefault
+port: 8888
+service:
+ type: ClusterIP
+ port: 3008
+
+nginx:
+ service:
+ type: NodePort
+
nodeSelector: {}
tolerations: []
@@ -57,6 +77,10 @@ global:
https_proxy: ""
no_proxy: ""
HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here"
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: "audioqna"
# set modelUseHostPath or modelUsePVC to use model cache.
modelUseHostPath: ""
# modelUseHostPath: /mnt/opea-models
diff --git a/helm-charts/chatqna/templates/_helpers.tpl b/helm-charts/chatqna/templates/_helpers.tpl
index 63cc642b9..ab47b7b41 100644
--- a/helm-charts/chatqna/templates/_helpers.tpl
+++ b/helm-charts/chatqna/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "chatqna.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "chatqna.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/chatqna/templates/deployment.yaml b/helm-charts/chatqna/templates/deployment.yaml
index ced873870..6f19fee10 100644
--- a/helm-charts/chatqna/templates/deployment.yaml
+++ b/helm-charts/chatqna/templates/deployment.yaml
@@ -28,6 +28,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "chatqna.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/chatqna/templates/serviceaccount.yaml b/helm-charts/chatqna/templates/serviceaccount.yaml
new file mode 100644
index 000000000..3ff18985a
--- /dev/null
+++ b/helm-charts/chatqna/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "chatqna.serviceAccountName" . }}
+ labels:
+ {{- include "chatqna.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/chatqna/values.yaml b/helm-charts/chatqna/values.yaml
index 0082c2ab0..5558cf62b 100644
--- a/helm-charts/chatqna/values.yaml
+++ b/helm-charts/chatqna/values.yaml
@@ -14,14 +14,25 @@ image:
# Overrides the image tag whose default is the chart appVersion.
tag: "latest"
-port: 8888
-service:
- type: ClusterIP
- port: 8888
-
-nginx:
- service:
- type: NodePort
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
securityContext:
readOnlyRootFilesystem: true
@@ -34,6 +45,15 @@ securityContext:
seccompProfile:
type: RuntimeDefault
+port: 8888
+service:
+ type: ClusterIP
+ port: 8888
+
+nginx:
+ service:
+ type: NodePort
+
nodeSelector: {}
tolerations: []
@@ -67,6 +87,10 @@ global:
https_proxy: ""
no_proxy: ""
HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here"
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: "chatqna"
# set modelUseHostPath or modelUsePVC to use model cache.
modelUseHostPath: ""
# modelUseHostPath: /mnt/opea-models
diff --git a/helm-charts/codegen/templates/_helpers.tpl b/helm-charts/codegen/templates/_helpers.tpl
index 97a5ea9fc..2db3b1dc7 100644
--- a/helm-charts/codegen/templates/_helpers.tpl
+++ b/helm-charts/codegen/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "codegen.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "codegen.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/codegen/templates/deployment.yaml b/helm-charts/codegen/templates/deployment.yaml
index 7e271b548..d473b7a8f 100644
--- a/helm-charts/codegen/templates/deployment.yaml
+++ b/helm-charts/codegen/templates/deployment.yaml
@@ -28,6 +28,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "codegen.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/codegen/templates/serviceaccount.yaml b/helm-charts/codegen/templates/serviceaccount.yaml
new file mode 100644
index 000000000..57cbc93c6
--- /dev/null
+++ b/helm-charts/codegen/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "codegen.serviceAccountName" . }}
+ labels:
+ {{- include "codegen.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/codegen/values.yaml b/helm-charts/codegen/values.yaml
index cbe72f159..c97e8911a 100644
--- a/helm-charts/codegen/values.yaml
+++ b/helm-charts/codegen/values.yaml
@@ -14,14 +14,25 @@ image:
# Overrides the image tag whose default is the chart appVersion.
tag: "latest"
-port: 7778
-service:
- type: ClusterIP
- port: 7778
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
-nginx:
- service:
- type: NodePort
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
securityContext:
readOnlyRootFilesystem: true
@@ -34,6 +45,15 @@ securityContext:
seccompProfile:
type: RuntimeDefault
+port: 7778
+service:
+ type: ClusterIP
+ port: 7778
+
+nginx:
+ service:
+ type: NodePort
+
nodeSelector: {}
tolerations: []
@@ -56,6 +76,10 @@ global:
https_proxy: ""
no_proxy: ""
HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here"
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: "codegen"
# set modelUseHostPath or modelUsePVC to use model cache.
modelUseHostPath: ""
# modelUseHostPath: /mnt/opea-models
diff --git a/helm-charts/codetrans/templates/_helpers.tpl b/helm-charts/codetrans/templates/_helpers.tpl
index 452ed1a9d..34555a661 100644
--- a/helm-charts/codetrans/templates/_helpers.tpl
+++ b/helm-charts/codetrans/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "codetrans.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "codetrans.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/codetrans/templates/deployment.yaml b/helm-charts/codetrans/templates/deployment.yaml
index aa5e2a5c9..f7dba9a44 100644
--- a/helm-charts/codetrans/templates/deployment.yaml
+++ b/helm-charts/codetrans/templates/deployment.yaml
@@ -28,6 +28,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "codetrans.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/codetrans/templates/serviceaccount.yaml b/helm-charts/codetrans/templates/serviceaccount.yaml
new file mode 100644
index 000000000..9dc1cae45
--- /dev/null
+++ b/helm-charts/codetrans/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "codetrans.serviceAccountName" . }}
+ labels:
+ {{- include "codetrans.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/codetrans/values.yaml b/helm-charts/codetrans/values.yaml
index 79dec68a2..e34421ed0 100644
--- a/helm-charts/codetrans/values.yaml
+++ b/helm-charts/codetrans/values.yaml
@@ -15,14 +15,25 @@ image:
# Overrides the image tag whose default is the chart appVersion.
tag: "latest"
-port: 7777
-service:
- type: ClusterIP
- port: 7777
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
-nginx:
- service:
- type: NodePort
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
securityContext:
readOnlyRootFilesystem: true
@@ -35,6 +46,15 @@ securityContext:
seccompProfile:
type: RuntimeDefault
+port: 7777
+service:
+ type: ClusterIP
+ port: 7777
+
+nginx:
+ service:
+ type: NodePort
+
nodeSelector: {}
tolerations: []
@@ -57,6 +77,10 @@ global:
https_proxy: ""
no_proxy: ""
HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here"
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: "codetrans"
# set modelUseHostPath or modelUsePVC to use model cache.
modelUseHostPath: ""
# modelUseHostPath: /mnt/opea-models
diff --git a/helm-charts/docsum/templates/_helpers.tpl b/helm-charts/docsum/templates/_helpers.tpl
index 48d7f924c..e963d725a 100644
--- a/helm-charts/docsum/templates/_helpers.tpl
+++ b/helm-charts/docsum/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "docsum.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "docsum.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/docsum/templates/deployment.yaml b/helm-charts/docsum/templates/deployment.yaml
index f6315d70f..cc2a281a4 100644
--- a/helm-charts/docsum/templates/deployment.yaml
+++ b/helm-charts/docsum/templates/deployment.yaml
@@ -28,6 +28,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "docsum.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/docsum/templates/m2t.yaml b/helm-charts/docsum/templates/m2t.yaml
index d0e6c775c..897dabf88 100644
--- a/helm-charts/docsum/templates/m2t.yaml
+++ b/helm-charts/docsum/templates/m2t.yaml
@@ -28,6 +28,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "docsum.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/docsum/templates/serviceaccount.yaml b/helm-charts/docsum/templates/serviceaccount.yaml
new file mode 100644
index 000000000..5547a38d6
--- /dev/null
+++ b/helm-charts/docsum/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "docsum.serviceAccountName" . }}
+ labels:
+ {{- include "docsum.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/docsum/templates/v2a.yaml b/helm-charts/docsum/templates/v2a.yaml
index c99fd4b3c..db192bfdc 100644
--- a/helm-charts/docsum/templates/v2a.yaml
+++ b/helm-charts/docsum/templates/v2a.yaml
@@ -28,6 +28,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "docsum.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/docsum/values.yaml b/helm-charts/docsum/values.yaml
index 68e295864..a473a15f3 100644
--- a/helm-charts/docsum/values.yaml
+++ b/helm-charts/docsum/values.yaml
@@ -33,14 +33,25 @@ m2t:
type: ClusterIP
port: 7079
-port: 8888
-service:
- type: ClusterIP
- port: 8888
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
-nginx:
- service:
- type: NodePort
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
securityContext:
readOnlyRootFilesystem: true
@@ -53,6 +64,15 @@ securityContext:
seccompProfile:
type: RuntimeDefault
+port: 8888
+service:
+ type: ClusterIP
+ port: 8888
+
+nginx:
+ service:
+ type: NodePort
+
nodeSelector: {}
tolerations: []
@@ -80,6 +100,10 @@ global:
https_proxy: ""
no_proxy: ""
HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here"
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: "docsum"
# set modelUseHostPath or modelUsePVC to use model cache.
modelUseHostPath: ""
# modelUseHostPath: /mnt/opea-models
diff --git a/helm-charts/faqgen/templates/_helpers.tpl b/helm-charts/faqgen/templates/_helpers.tpl
index f5913492b..9b543631a 100644
--- a/helm-charts/faqgen/templates/_helpers.tpl
+++ b/helm-charts/faqgen/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "faqgen.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "faqgen.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/faqgen/templates/deployment.yaml b/helm-charts/faqgen/templates/deployment.yaml
index b759c0316..bd9bbcc43 100644
--- a/helm-charts/faqgen/templates/deployment.yaml
+++ b/helm-charts/faqgen/templates/deployment.yaml
@@ -28,6 +28,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "faqgen.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/faqgen/templates/serviceaccount.yaml b/helm-charts/faqgen/templates/serviceaccount.yaml
new file mode 100644
index 000000000..d468072e4
--- /dev/null
+++ b/helm-charts/faqgen/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "faqgen.serviceAccountName" . }}
+ labels:
+ {{- include "faqgen.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/faqgen/values.yaml b/helm-charts/faqgen/values.yaml
index d382d7b0b..75da4f674 100644
--- a/helm-charts/faqgen/values.yaml
+++ b/helm-charts/faqgen/values.yaml
@@ -14,14 +14,25 @@ image:
# Overrides the image tag whose default is the chart appVersion.
tag: "latest"
-port: 8888
-service:
- type: ClusterIP
- port: 8888
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
-nginx:
- service:
- type: NodePort
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
securityContext:
readOnlyRootFilesystem: true
@@ -34,6 +45,15 @@ securityContext:
seccompProfile:
type: RuntimeDefault
+port: 8888
+service:
+ type: ClusterIP
+ port: 8888
+
+nginx:
+ service:
+ type: NodePort
+
nodeSelector: {}
tolerations: []
@@ -61,6 +81,10 @@ global:
https_proxy: ""
no_proxy: ""
HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here"
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: "faqgen"
# set modelUseHostPath or modelUsePVC to use model cache.
modelUseHostPath: ""
# modelUseHostPath: /mnt/opea-models
diff --git a/helm-charts/visualqna/templates/_helpers.tpl b/helm-charts/visualqna/templates/_helpers.tpl
index 68b296a94..1b4124588 100644
--- a/helm-charts/visualqna/templates/_helpers.tpl
+++ b/helm-charts/visualqna/templates/_helpers.tpl
@@ -54,7 +54,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Create the name of the service account to use
*/}}
{{- define "visualqna.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
+{{- if .Values.global.sharedSAName }}
+{{- .Values.global.sharedSAName }}
+{{- else if .Values.serviceAccount.create }}
{{- default (include "visualqna.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
diff --git a/helm-charts/visualqna/templates/deployment.yaml b/helm-charts/visualqna/templates/deployment.yaml
index 5ef74e995..1964fc6d0 100644
--- a/helm-charts/visualqna/templates/deployment.yaml
+++ b/helm-charts/visualqna/templates/deployment.yaml
@@ -28,6 +28,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "visualqna.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
diff --git a/helm-charts/visualqna/templates/serviceaccount.yaml b/helm-charts/visualqna/templates/serviceaccount.yaml
new file mode 100644
index 000000000..d0c9fe35b
--- /dev/null
+++ b/helm-charts/visualqna/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "visualqna.serviceAccountName" . }}
+ labels:
+ {{- include "visualqna.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm-charts/visualqna/values.yaml b/helm-charts/visualqna/values.yaml
index f4a34ffd9..68c85e6c9 100644
--- a/helm-charts/visualqna/values.yaml
+++ b/helm-charts/visualqna/values.yaml
@@ -14,13 +14,25 @@ image:
# Overrides the image tag whose default is the chart appVersion.
tag: "latest"
-nginx:
- service:
- type: NodePort
-port: 8888
-service:
- type: ClusterIP
- port: 8888
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
securityContext:
readOnlyRootFilesystem: true
@@ -33,6 +45,14 @@ securityContext:
seccompProfile:
type: RuntimeDefault
+nginx:
+ service:
+ type: NodePort
+port: 8888
+service:
+ type: ClusterIP
+ port: 8888
+
nodeSelector: {}
tolerations: []
@@ -62,6 +82,10 @@ global:
https_proxy: ""
no_proxy: ""
HUGGINGFACEHUB_API_TOKEN: "insert-your-huggingface-token-here"
+ # service account name to be shared with all parent/child charts.
+ # If set, it will overwrite serviceAccount.name.
+ # If set, and serviceAccount.create is false, it will assume this service account is already created by others.
+ sharedSAName: "visualqna"
# set modelUseHostPath or modelUsePVC to use model cache.
modelUseHostPath: ""
# modelUseHostPath: /mnt/opea-models