From 3f0c4b6bd90d405d19633be51eb61a573e23b7fd Mon Sep 17 00:00:00 2001
From: Benjamin Blankenmeister <b.p.blankenmeister@gmail.com>
Date: Thu, 26 Oct 2023 15:07:52 -0400
Subject: [PATCH] Add support for k8s service accounts (#27)

* Add support for k8s service accounts

* gate

* Bump versions
---
 charts/hail-search/Chart.yaml                    |  2 +-
 charts/hail-search/templates/deployment.yaml     |  3 +++
 charts/hail-search/templates/serviceaccount.yaml | 12 ++++++++++++
 charts/hail-search/values.yaml                   |  6 ++++++
 charts/seqr/Chart.yaml                           |  2 +-
 charts/seqr/templates/deployment.yaml            |  3 +++
 charts/seqr/templates/serviceaccount.yaml        | 12 ++++++++++++
 charts/seqr/values.yaml                          |  6 ++++++
 8 files changed, 44 insertions(+), 2 deletions(-)
 create mode 100644 charts/hail-search/templates/serviceaccount.yaml
 create mode 100644 charts/seqr/templates/serviceaccount.yaml

diff --git a/charts/hail-search/Chart.yaml b/charts/hail-search/Chart.yaml
index 9adf3d99..eb91fb73 100644
--- a/charts/hail-search/Chart.yaml
+++ b/charts/hail-search/Chart.yaml
@@ -18,7 +18,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.10
+version: 0.1.11
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/charts/hail-search/templates/deployment.yaml b/charts/hail-search/templates/deployment.yaml
index ac706146..57eb4800 100644
--- a/charts/hail-search/templates/deployment.yaml
+++ b/charts/hail-search/templates/deployment.yaml
@@ -28,6 +28,9 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 6 }}
       {{- end }}
+      {{- if .Values.serviceAccount.create -}}
+      serviceAccountName: {{ include "hail-search.fullname" . }}
+      {{- end }}
       containers:
         - name: {{ include "hail-search.fullname" . }}-pod
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
diff --git a/charts/hail-search/templates/serviceaccount.yaml b/charts/hail-search/templates/serviceaccount.yaml
new file mode 100644
index 00000000..012f44a3
--- /dev/null
+++ b/charts/hail-search/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "hail-search.fullname" . }}
+  labels:
+    {{- include "hail-search.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/charts/hail-search/values.yaml b/charts/hail-search/values.yaml
index 61adfd8b..771fac1f 100644
--- a/charts/hail-search/values.yaml
+++ b/charts/hail-search/values.yaml
@@ -14,6 +14,12 @@ imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+
 podAnnotations: {}
 
 service:
diff --git a/charts/seqr/Chart.yaml b/charts/seqr/Chart.yaml
index a78b3e54..db642117 100644
--- a/charts/seqr/Chart.yaml
+++ b/charts/seqr/Chart.yaml
@@ -17,7 +17,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.59
+version: 0.0.60
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
diff --git a/charts/seqr/templates/deployment.yaml b/charts/seqr/templates/deployment.yaml
index c0749752..07b07643 100644
--- a/charts/seqr/templates/deployment.yaml
+++ b/charts/seqr/templates/deployment.yaml
@@ -36,6 +36,9 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 6 }}
       {{- end }}
+      {{- if .Values.serviceAccount.create -}}
+      serviceAccountName: {{ include "seqr.fullname" . }}
+      {{- end }}
       containers:
       - name: seqr-pod
         ports:
diff --git a/charts/seqr/templates/serviceaccount.yaml b/charts/seqr/templates/serviceaccount.yaml
new file mode 100644
index 00000000..f3a01921
--- /dev/null
+++ b/charts/seqr/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "seqr.fullname" . }}
+  labels:
+    {{- include "seqr.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/charts/seqr/values.yaml b/charts/seqr/values.yaml
index 315ef822..16e7e9c4 100644
--- a/charts/seqr/values.yaml
+++ b/charts/seqr/values.yaml
@@ -19,6 +19,12 @@ nameOverride: ""
 # -- Overrides the fully qualified name of the app, for use in templates
 fullnameOverride: ""
 
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+
 # -- A dictionary of annotations to add to the seqr Deployment
 podAnnotations: {}