feat: add ability to customize operator service account

skyloud · Aug 11, 2024 · 1f0b4c7 · 1f0b4c7
1 parent d20a1ab
commit 1f0b4c7
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 6 deletions.
diff --git a/charts/tailscale-operator/Chart.yaml b/charts/tailscale-operator/Chart.yaml
@@ -15,4 +15,4 @@ name: tailscale-operator
 sources:
 - https://github.com/tailscale/tailscale
 type: application
-version: 1.70.2
+version: 1.70.3
diff --git a/charts/tailscale-operator/templates/apiserverproxy-rbac.yaml b/charts/tailscale-operator/templates/apiserverproxy-rbac.yaml
@@ -17,7 +17,7 @@ metadata:
   name: tailscale-auth-proxy
 subjects:
 - kind: ServiceAccount
-  name: operator
+  name: {{ .Values.operatorConfig.serviceAccount.name }}
   namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole

diff --git a/charts/tailscale-operator/templates/deployment.yaml b/charts/tailscale-operator/templates/deployment.yaml
@@ -29,7 +29,7 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      serviceAccountName: operator
+      serviceAccountName: {{ .Values.operatorConfig.serviceAccount.name }}
       {{- with .Values.operatorConfig.podSecurityContext }}
       securityContext:
         {{- toYaml . | nindent 8 }}

diff --git a/charts/tailscale-operator/templates/operator-rbac.yaml b/charts/tailscale-operator/templates/operator-rbac.yaml
@@ -4,8 +4,12 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: operator
+  name: {{ .Values.operatorConfig.serviceAccount.name }}
   namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- toYaml .Values.operatorConfig.serviceAccount.annotations | nindent 4 }}
+  labels:
+    {{- toYaml .Values.operatorConfig.serviceAccount.labels | nindent 4 }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -34,7 +38,7 @@ metadata:
   name: tailscale-operator
 subjects:
 - kind: ServiceAccount
-  name: operator
+  name: {{ .Values.operatorConfig.serviceAccount.name }}
   namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
@@ -64,7 +68,7 @@ metadata:
   namespace: {{ .Release.Namespace }}
 subjects:
 - kind: ServiceAccount
-  name: operator
+  name:  {{ .Values.operatorConfig.serviceAccount.name }}
   namespace: {{ .Release.Namespace }}
 roleRef:
   kind: Role

diff --git a/charts/tailscale-operator/values.yaml b/charts/tailscale-operator/values.yaml
@@ -22,6 +22,11 @@ operatorConfig:
   defaultTags:
     - "tag:k8s-operator"
 
+  serviceAccount:
+    name: operator
+    annotations: {}
+    labels: {}
+
   image:
     # Repository defaults to DockerHub, but images are also synced to ghcr.io/tailscale/k8s-operator.
     repository: tailscale/k8s-operator