Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: dominodatalab/hephaestus
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v0.2.1
Choose a base ref
...
head repository: dominodatalab/hephaestus
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v0.2.2
Choose a head ref
  • 1 commit
  • 1 file changed
  • 1 contributor

Commits on May 30, 2023

  1. DOM-47188: Service account workload identity annos (#98) 

    When workload identity is enabled, add necessary SA annotations.
    Michael Fraenkel authored May 30, 2023
    Copy the full SHA
    4f685d8 View commit details
Showing with 8 additions and 7 deletions.
  1. +8 −7 deployments/helm/hephaestus/templates/controller/serviceaccount.yaml
15 changes: 8 additions & 7 deletions deployments/helm/hephaestus/templates/controller/serviceaccount.yaml
View file
Original file line number Diff line number Diff line change
@@ -6,18 +6,19 @@ metadata:
labels:
{{- include "hephaestus.controller.labels.standard" . | nindent 4 }}
{{- with .Values.controller }}
{{- if or .serviceAccount.annotations .manager.cloudRegistryAuth.gcp.enabled }}
{{- $azureEnabled := and .manager.cloudRegistryAuth.azure.enabled .manager.cloudRegistryAuth.azure.workloadIdentity }}
{{- if or .serviceAccount.annotations .manager.cloudRegistryAuth.gcp.enabled $azureEnabled }}
annotations:
{{- with .serviceAccount.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .manager.cloudRegistryAuth.gcp.enabled }}
"iam.gke.io/gcp-service-account": {{ required "GCP ServiceAccount is required when enabled!" .manager.cloudRegistryAuth.gcp.serviceAccount | quote }}
{{- with .manager.cloudRegistryAuth }}
{{- if .gcp.enabled }}
"iam.gke.io/gcp-service-account": {{ required "GCP ServiceAccount is required when enabled!" .gcp.serviceAccount | quote }}
{{- end }}
{{- with .manager.cloudRegistryAuth.azure }}
{{- if and .enabled (not .clientSecret) }}
"azure.workload.identity/client-id": {{ required "Azure clientID is required when enabled!" .clientID | quote }}
"azure.workload.identity/tenant-id": {{ required "Azure tenantID is required when enabled!" .tenantID | quote }}
{{- if $azureEnabled }}
"azure.workload.identity/client-id": {{ required "Azure clientID is required when enabled!" .azure.clientID | quote }}
"azure.workload.identity/tenant-id": {{ required "Azure tenantID is required when enabled!" .azure.tenantID | quote }}
{{- end }}
{{- end }}
{{- end }}