Merge pull request #12 from aaron-trout/automountServiceAccountToken

Support configuration of automountServiceAccountToken field
runatlantis · Jan 13, 2021 · 3cb9877 · 3cb9877
2 parents cf3ca2a + 840bac9
commit 3cb9877
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 1 deletion.
diff --git a/charts/atlantis/Chart.yaml b/charts/atlantis/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: v0.16.0
 description: A Helm chart for Atlantis https://www.runatlantis.io
 name: atlantis
-version: 3.12.7
+version: 3.12.8
 keywords:
 - terraform
 home: https://www.runatlantis.io

diff --git a/charts/atlantis/README.md b/charts/atlantis/README.md
@@ -81,6 +81,7 @@ The following options are supported.  See [values.yaml](values.yaml) for more de
 | `disableApply`                             | Disables running `atlantis apply` regardless of what options are specified                                                                                                                                                                                                                                 | `false` |
 | `disableApplyAll`                           | Disables running `atlantis apply` without any flags                                                                                                                                                                                                                                                       | `false` |
 | `serviceAccount.create`                     | Whether to create a Kubernetes ServiceAccount if no account matching `serviceAccount.name` exists.                                                                                                                                                                                                        | `true`  |
+| `serviceAccount.mount`                      | Whether to mount the Kubernetes ServiceAccount into the pod                                                                                                                                                                                                                                               | `true`  |
 | `serviceAccount.name`                       | Name of the Kubernetes ServiceAccount under which Atlantis should run. If no value is specified and `serviceAccount.create` is `true`, Atlantis will be run under a ServiceAccount whose name is the FullName of the Helm chart's instance, else Atlantis will be run under the `default` ServiceAccount. | n/a     |
 | `serviceAccount.annotations`                | Additional Service Account annotations                                                                           | n/a     |
 | `serviceAccountSecrets.credentials`         | Deprecated (see googleServiceAccountSecrets) JSON string representing secrets for a Google Cloud Platform production service account. Only applicable if hosting Atlantis on GKE.                                                                                                                                                                      | n/a     |

diff --git a/charts/atlantis/templates/statefulset.yaml b/charts/atlantis/templates/statefulset.yaml
@@ -35,6 +35,7 @@ spec:
       {{- end }}
     spec:
       serviceAccountName: {{ template "atlantis.serviceAccountName" . }}
+      automountServiceAccountToken: {{ .Values.serviceAccount.mount }}
       securityContext:
         fsGroup: 1000
         runAsUser: 100

diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml
@@ -195,6 +195,9 @@ affinity: {}
 serviceAccount:
   # Specifies whether a ServiceAccount should be created
   create: true
+  # Set the `automountServiceAccountToken` field on the pod template spec
+  # If false, no kubernetes service account token will be mounted to the pod
+  mount: true
   # The name of the ServiceAccount to use.
   # If not set and create is true, a name is generated using the fullname template
   name: