Fixup service account naming and annotations

Author: cabrinha

dist/chart/templates/_helpers.tpl

@@ -91,3 +91,60 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Create the name of the controller manager service account
+*/}}
+{{- define "aibrix.controllerManager.serviceAccountName" -}}
+{{- if and .Values.controllerManager.serviceAccount.create (eq .Values.controllerManager.serviceAccount.name "") -}}
+{{- $sa := default (include "aibrix.fullname" .) .Values.controllerManager.serviceAccount.name }}
+{{- printf "%s-controller-manager" $sa }}
+{{- else if and .Values.controllerManager.serviceAccount.create (not (eq .Values.controllerManager.serviceAccount.name "")) -}}
+{{- .Values.controllerManager.serviceAccount.name -}}
+{{- else -}}
+{{- include "aibrix.serviceAccountName" . -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the gateway plugin service account
+*/}}
+{{- define "aibrix.gatewayPlugin.serviceAccountName" -}}
+{{- if and .Values.gatewayPlugin.serviceAccount.create (eq .Values.gatewayPlugin.serviceAccount.name "") -}}
+{{- $sa := default (include "aibrix.fullname" .) .Values.gatewayPlugin.serviceAccount.name }}
+{{- printf "%s-gateway-plugin" $sa }}
+{{- else if and .Values.gatewayPlugin.serviceAccount.create (not (eq .Values.gatewayPlugin.serviceAccount.name "")) -}}
+{{- .Values.gatewayPlugin.serviceAccount.name -}}
+{{- else -}}
+{{- include "aibrix.serviceAccountName" . -}}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Create the name of the gateway plugin service account
+*/}}
+{{- define "aibrix.gpuOptimizer.serviceAccountName" -}}
+{{- if and .Values.gpuOptimizer.serviceAccount.create (eq .Values.gpuOptimizer.serviceAccount.name "") -}}
+{{- $sa := default (include "aibrix.fullname" .) .Values.gpuOptimizer.serviceAccount.name }}
+{{- printf "%s-gpu-optimizer" $sa }}
+{{- else if and .Values.gpuOptimizer.serviceAccount.create (not (eq .Values.gpuOptimizer.serviceAccount.name "")) -}}
+{{- .Values.gpuOptimizer.serviceAccount.name -}}
+{{- else -}}
+{{- include "aibrix.serviceAccountName" . -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the metadata service service account
+*/}}
+{{- define "aibrix.metadata.serviceAccountName" -}}
+{{- if and .Values.metadata.serviceAccount.create (eq .Values.metadata.serviceAccount.name "") -}}
+{{- $sa := default (include "aibrix.fullname" .) .Values.metadata.serviceAccount.name }}
+{{- printf "%s-metadata-service" $sa }}
+{{- else if and .Values.metadata.serviceAccount.create (not (eq .Values.metadata.serviceAccount.name "")) -}}
+{{- .Values.metadata.serviceAccount.name -}}
+{{- else -}}
+{{- include "aibrix.serviceAccountName" . -}}
+{{- end -}}
+{{- end -}}

dist/chart/templates/controller-manager/deployment.yaml

@@ -52,7 +52,7 @@ spec:
           readOnly: true
       securityContext:
         runAsNonRoot: true
-      serviceAccountName: {{ include "aibrix.serviceAccountName" . }}-controller-manager
+      serviceAccountName: {{ include "aibrix.controllerManager.serviceAccountName" . }}
       terminationGracePeriodSeconds: 10
       volumes:
       - name: cert

dist/chart/templates/controller-manager/rbac.yaml

@@ -1,9 +1,11 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
+  name: {{ include "aibrix.controllerManager.serviceAccountName" . }}
+  annotations:
+    {{- toYaml .Values.controllerManager.serviceAccount.annotations | nindent 4 }}
   labels:
     {{- include "aibrix.labels" . | nindent 4 }}
-  name: {{ include "aibrix.serviceAccountName" . }}-controller-manager
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -312,14 +314,13 @@ roleRef:
   name: {{ include "aibrix.fullname" . }}-controller-manager
 subjects:
 - kind: ServiceAccount
-  name: {{ include "aibrix.serviceAccountName" . }}-controller-manager
+  name: {{ include "aibrix.controllerManager.serviceAccountName" . }}
   namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: {{ include "aibrix.fullname" . }}-controller-manager-leader-election
-  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "aibrix.labels" . | nindent 4 }}
 rules:
@@ -367,5 +368,5 @@ roleRef:
   name: {{ include "aibrix.fullname" . }}-controller-manager-leader-election
 subjects:
 - kind: ServiceAccount
-  name: {{ include "aibrix.serviceAccountName" . }}-controller-manager
+  name: {{ include "aibrix.controllerManager.serviceAccountName" . }}
   namespace: {{ .Release.Namespace }}

dist/chart/templates/gateway-instance/gateway.yaml

@@ -62,7 +62,7 @@ spec:
                     app.kubernetes.io/name: envoy
                     app.kubernetes.io/component: proxy
                 spec:
-                  {{- include "aibrix.imagePullSecrets" (dict "componentSecrets" .Values.gateway.envoyProxy.imagePullSecrets "globalSecrets") | nindent 18 }}
+                  {{- include "aibrix.imagePullSecrets" (dict "componentSecrets" .Values.gateway.envoyProxy.imagePullSecrets "globalSecrets" .Values.global.imagePullSecrets) | nindent 18 }}
                   containers:
                     - name: envoy
                       image: {{ .Values.gateway.envoyProxy.container.envoy.image }}

dist/chart/templates/gateway-plugin/deployment.yaml

@@ -107,5 +107,5 @@ spec:
             {{- toYaml .Values.gatewayPlugin.container.probes.liveness | nindent 12 }}
           readinessProbe:
             {{- toYaml .Values.gatewayPlugin.container.probes.readiness | nindent 12 }}
-      serviceAccountName: {{ include "aibrix.serviceAccountName" . }}-gateway-plugins
+      serviceAccountName: {{ include "aibrix.gatewayPlugin.serviceAccountName" . }}
 {{- end }}

dist/chart/templates/gateway-plugin/rbac.yaml

@@ -3,10 +3,12 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
+  name: {{ include "aibrix.gatewayPlugin.serviceAccountName" . }}
+  annotations:
+    {{- toYaml .Values.gatewayPlugin.serviceAccount.annotations | nindent 4 }}
   labels:
     {{- include "aibrix.labels" . | nindent 4 }}
     app.kubernetes.io/component: aibrix-gateway-plugin
-  name: {{ include "aibrix.serviceAccountName" . }}-gateway-plugins
 ---
 
 apiVersion: rbac.authorization.k8s.io/v1
@@ -63,6 +65,6 @@ roleRef:
   name: {{ include "aibrix.fullname" . }}-gateway-plugins
 subjects:
   - kind: ServiceAccount
-    name: {{ include "aibrix.serviceAccountName" . }}-gateway-plugins
+    name: {{ include "aibrix.gatewayPlugin.serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}
 {{- end }}

dist/chart/templates/gpu-optimizer/deployment.yaml

@@ -17,7 +17,7 @@ spec:
         {{- include "aibrix.labels" . | nindent 8 }}
         app.kubernetes.io/component: aibrix-gpu-optimizer
     spec:
-      serviceAccountName: {{ include "aibrix.serviceAccountName" . }}-gpu-optimizer
+      serviceAccountName: {{ include "aibrix.gpuOptimizer.serviceAccountName" . }}
       automountServiceAccountToken: true
       {{- include "aibrix.imagePullSecrets" (dict "componentSecrets" .Values.gpuOptimizer.imagePullSecrets "globalSecrets" .Values.global.imagePullSecrets) | nindent 6 }}
       containers:

dist/chart/templates/gpu-optimizer/rbac.yaml

@@ -1,7 +1,9 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ include "aibrix.serviceAccountName" . }}-gpu-optimizer
+  name: {{ include "aibrix.gpuOptimizer.serviceAccountName" . }}
+  annotations:
+    {{- toYaml .Values.gpuOptimizer.serviceAccount.annotations | nindent 4 }}
   labels:
     {{- include "aibrix.labels" . | nindent 4 }}
     app.kubernetes.io/component: aibrix-gpu-optimizer
@@ -27,7 +29,7 @@ metadata:
     app.kubernetes.io/component: aibrix-gpu-optimizer
 subjects:
   - kind: ServiceAccount
-    name: {{ include "aibrix.serviceAccountName" . }}-gpu-optimizer
+    name: {{ include "aibrix.gpuOptimizer.serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole

dist/chart/templates/metadata-service/deployment.yaml

@@ -18,7 +18,7 @@ spec:
         app.kubernetes.io/component: aibrix-metadata-service
     spec:
       {{- include "aibrix.imagePullSecrets" (dict "componentSecrets" .Values.metadata.service.imagePullSecrets "globalSecrets" .Values.global.imagePullSecrets) | nindent 6 }}
-      serviceAccountName: {{ include "aibrix.serviceAccountName" . }}-metadata-service
+      serviceAccountName: {{ include "aibrix.metadata.serviceAccountName" . }}
       initContainers:
         - name: init-redis
           image: {{ .Values.metadata.service.initContainer.image.repository }}:{{ .Values.metadata.service.initContainer.image.tag }}

dist/chart/templates/metadata-service/rbac.yaml

@@ -1,10 +1,12 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
+  name: {{ include "aibrix.metadata.serviceAccountName" . }}
+  annotations:
+    {{- toYaml .Values.metadata.serviceAccount.annotations | nindent 4 }}
   labels:
     {{- include "aibrix.labels" . | nindent 4 }}
     app.kubernetes.io/component: aibrix-metadata-service
-  name: {{ include "aibrix.serviceAccountName" . }}-metadata-service
 ---
 
 apiVersion: rbac.authorization.k8s.io/v1
@@ -52,5 +54,5 @@ roleRef:
   name: {{ include "aibrix.fullname" . }}-metadata-service-reader
 subjects:
   - kind: ServiceAccount
-    name: {{ include "aibrix.serviceAccountName" . }}-metadata-service
+    name: {{ include "aibrix.metadata.serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}