alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions Activity

feat: add service account
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 1m56s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 53s
Details

Browse Source
This commit is contained in:
Alex Lebens
2026-04-24 10:58:57 -05:00
parent ee469329c7
commit 2d1f33e96c
8 changed files with 34 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
clusters/cl01tl/helm/matrix-synapse/templates/_helpers.tpl
View File

@@ -14,7 +14,7 @@ app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }} {{- end }}
{{/* {{/*
NFS names ServiceAccount names
*/}} */}}
{{- define "custom.serviceAccountName" -}} {{- define "custom.serviceAccountName" -}}
matrix-synapse matrix-synapse

7
clusters/cl01tl/helm/talos/templates/_helpers.tpl
View File

@@ -12,3 +12,10 @@ Selector labels
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }} {{- end }}
{{/*
ServiceAccount names
*/}}
{{- define "custom.serviceAccountName" -}}
talos-backup-secrets
{{- end -}}

8
clusters/cl01tl/helm/talos/templates/secret-provider-class.yaml
View File

@@ -10,7 +10,7 @@ spec:
provider: openbao provider: openbao
parameters: parameters:
baoAddress: "http://openbao-internal.openbao:8200" baoAddress: "http://openbao-internal.openbao:8200"
roleName: slskd roleName: {{ include "custom.serviceAccountName" . }}
objects: | objects: |
- objectName: .s3cfg - objectName: .s3cfg
fileName: .s3cfg fileName: .s3cfg
@@ -30,7 +30,7 @@ spec:
provider: openbao provider: openbao
parameters: parameters:
baoAddress: "http://openbao-internal.openbao:8200" baoAddress: "http://openbao-internal.openbao:8200"
roleName: slskd roleName: {{ include "custom.serviceAccountName" . }}
objects: | objects: |
- objectName: .s3cfg - objectName: .s3cfg
fileName: .s3cfg fileName: .s3cfg
@@ -50,7 +50,7 @@ spec:
provider: openbao provider: openbao
parameters: parameters:
baoAddress: "http://openbao-internal.openbao:8200" baoAddress: "http://openbao-internal.openbao:8200"
roleName: slskd roleName: {{ include "custom.serviceAccountName" . }}
objects: | objects: |
- objectName: .s3cfg - objectName: .s3cfg
fileName: .s3cfg fileName: .s3cfg
@@ -70,7 +70,7 @@ spec:
provider: openbao provider: openbao
parameters: parameters:
baoAddress: "http://openbao-internal.openbao:8200" baoAddress: "http://openbao-internal.openbao:8200"
roleName: slskd roleName: {{ include "custom.serviceAccountName" . }}
objects: | objects: |
- objectName: config - objectName: config
fileName: config fileName: config

4
clusters/cl01tl/helm/talos/templates/service-account.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: talos.dev/v1alpha1 apiVersion: talos.dev/v1alpha1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: talos-backup-secrets name: {{ include "custom.serviceAccountName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: talos-backup-secrets app.kubernetes.io/name: {{ include "custom.serviceAccountName" . }}
{{- include "custom.labels" . | nindent 4 }} {{- include "custom.labels" . | nindent 4 }}
spec: spec:
roles: roles:

7
clusters/cl01tl/helm/vault/templates/_helpers.tpl
View File

@@ -12,3 +12,10 @@ Selector labels
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }} {{- end }}
{{/*
ServiceAccount names
*/}}
{{- define "custom.serviceAccountName" -}}
vault
{{- end -}}

6
clusters/cl01tl/helm/vault/templates/secret-provider-class.yaml
View File

@@ -10,7 +10,7 @@ spec:
provider: openbao provider: openbao
parameters: parameters:
baoAddress: "http://openbao-internal.openbao:8200" baoAddress: "http://openbao-internal.openbao:8200"
roleName: slskd roleName: vault
objects: | objects: |
- objectName: .s3cfg - objectName: .s3cfg
fileName: .s3cfg fileName: .s3cfg
@@ -30,7 +30,7 @@ spec:
provider: openbao provider: openbao
parameters: parameters:
baoAddress: "http://openbao-internal.openbao:8200" baoAddress: "http://openbao-internal.openbao:8200"
roleName: slskd roleName: vault
objects: | objects: |
- objectName: .s3cfg - objectName: .s3cfg
fileName: .s3cfg fileName: .s3cfg
@@ -50,7 +50,7 @@ spec:
provider: openbao provider: openbao
parameters: parameters:
baoAddress: "http://openbao-internal.openbao:8200" baoAddress: "http://openbao-internal.openbao:8200"
roleName: slskd roleName: vault
objects: | objects: |
- objectName: .s3cfg - objectName: .s3cfg
fileName: .s3cfg fileName: .s3cfg

8
clusters/cl01tl/helm/vault/templates/service-account.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "custom.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ include "custom.serviceAccountName" . }}
{{- include "custom.labels" . | nindent 4 }}

2
clusters/cl01tl/helm/vault/values.yaml
View File

@@ -107,6 +107,8 @@ snapshot:
schedule: 0 4 * * * schedule: 0 4 * * *
backoffLimit: 3 backoffLimit: 3
parallelism: 1 parallelism: 1
serviceAccount:
name: vault
initContainers: initContainers:
snapshot: snapshot:
image: image: