Merge pull request 'feat: add service account' (#6272) from tmp/talos-3 into main

Reviewed-on: #6272
2026-04-26 17:37:11 +00:00
parent 3a94d04e63 bf108a2beb
commit 371047eb41
4 changed files with 18 additions and 26 deletions
--- a/clusters/cl01tl/helm/talos/templates/_helpers.tpl
+++ b/clusters/cl01tl/helm/talos/templates/_helpers.tpl
@@ -12,13 +12,3 @@ Selector labels
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
 {{/*
 ServiceAccount names
 */}}
 {{- define "custom.serviceAccountName" -}}
 talos-backup
 {{- end -}}
 {{- define "custom.serviceAccountSecretsName" -}}
 talos-backup-secrets
 {{- end -}}
--- a/clusters/cl01tl/helm/talos/templates/secret-provider-class.yaml
+++ b/clusters/cl01tl/helm/talos/templates/secret-provider-class.yaml
@@ -10,7 +10,7 @@ spec:
  provider: openbao
  parameters:
    baoAddress: "http://openbao-internal.openbao:8200"
-    roleName: {{ include "custom.serviceAccountName" . }}
+    roleName: talos-backup
    objects: |
      - objectName: .s3cfg
        fileName: .s3cfg
@@ -30,7 +30,7 @@ spec:
  provider: openbao
  parameters:
    baoAddress: "http://openbao-internal.openbao:8200"
-    roleName: {{ include "custom.serviceAccountName" . }}
+    roleName: talos-backup
    objects: |
      - objectName: .s3cfg
        fileName: .s3cfg
@@ -50,7 +50,7 @@ spec:
  provider: openbao
  parameters:
    baoAddress: "http://openbao-internal.openbao:8200"
-    roleName: {{ include "custom.serviceAccountName" . }}
+    roleName: talos-backup
    objects: |
      - objectName: .s3cfg
        fileName: .s3cfg
@@ -70,7 +70,7 @@ spec:
  provider: openbao
  parameters:
    baoAddress: "http://openbao-internal.openbao:8200"
-    roleName: {{ include "custom.serviceAccountName" . }}
+    roleName: talos-defrag
    objects: |
      - objectName: config
        fileName: config
--- a/clusters/cl01tl/helm/talos/templates/service-account.yaml
+++ b/clusters/cl01tl/helm/talos/templates/service-account.yaml
@@ -1,20 +1,10 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "custom.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ include "custom.serviceAccountName" . }}
    {{- include "custom.labels" . | nindent 4 }}
 ---
 apiVersion: talos.dev/v1alpha1
 kind: ServiceAccount
 metadata:
-  name: {{ include "custom.serviceAccountSecretsName" . }}
+  name: talos-backup-secrets
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: {{ include "custom.serviceAccountSecretsName" . }}
+    app.kubernetes.io/name: talos-backup-secrets
    {{- include "custom.labels" . | nindent 4 }}
 spec:
  roles:
--- a/clusters/cl01tl/helm/talos/values.yaml
+++ b/clusters/cl01tl/helm/talos/values.yaml
@@ -264,6 +264,9 @@ etcd-backup:
              value: External
            - name: DATE_RANGE_SECONDS
              value: "1209600"
  serviceAccount:
    talos-backup:
      enabled: true
  persistence:
    secret:
      enabled: true
@@ -399,6 +402,8 @@ etcd-defrag:
        schedule: 0 0 * * 0
        backoffLimit: 3
        parallelism: 1
      serviceAccount:
        name: talos-defrag
      containers:
        main:
          image:
@@ -427,6 +432,8 @@ etcd-defrag:
        schedule: 10 0 * * 0
        backoffLimit: 3
        parallelism: 1
      serviceAccount:
        name: talos-defrag
      containers:
        main:
          image:
@@ -455,6 +462,8 @@ etcd-defrag:
        schedule: 20 0 * * 0
        backoffLimit: 3
        parallelism: 1
      serviceAccount:
        name: talos-defrag
      containers:
        main:
          image:
@@ -468,6 +477,9 @@ etcd-defrag:
          env:
            - name: TALOSCONFIG
              value: /tmp/.talos/config
  serviceAccount:
    talos-defrag:
      enabled: true
  persistence:
    config:
      type: custom