Closed james-mcgoodwin closed 2 years ago
It looks like the CI linting system is out of commission, it's failing for other PR's on the bitnami charts URL.
Error: looks like "https://charts.bitnami.com" is not a valid chart repository or cannot be reached: failed to fetch https://charts.bitnami.com/index.yaml : 403 Forbidden
--
Popping this commit message out since it changes a default value in values.yaml:
CI fails to pass because values.yaml contains an invalid null string. Running 'helm lint ./drone' fails Even calling helm lint with an additional '-f ./drone/ci/test-values.yaml' still fails to validate values.yaml
$ helm lint ./drone/ -f ./drone/ci/test-values.yaml
==> Linting ./drone/
[ERROR] values.yaml: - env.DRONE_SERVER_HOST: String length must be greater than or equal to 3
Error: 1 chart(s) linted, 1 chart(s) failed
I have updated values.yaml with the example string used in the drone documentation page for the DRONE_SERVER_HOST value: https://readme.drone.io/server/reference/drone-server-host/
would like this to use a sa with server for eks irsa for s3 access.
would like this to use a sa with server for eks irsa for s3 access.
We need this for the same reason. Helm create generates all the service account goodness one needs, it shouldn't have been removed to begin with.
@jeanlucmongrain can you get the conflicts resolved and then we can we can try to get this merged?
@jimsheldon - can we get someone to look at this PR please
I'll be looking into this asap. Can someone fix the conflict? Thanks
Thanks guys. If ~@jimsheldon~ @james-mcgoodwin is busy I can send up another PR
@jimsheldon try #76
This PR lets the user choose to not use the built in 'default' Kubernetes service account in the namespace drone is being deployed to.
Our use case for this is we create specific KSA's for each of our services, while optionally attaching it to GCPs Workload Identity system via annotations.
If left unchanged by the user, the default KSA will still be used and no new KSA will be generated.
If the user overrides the serviceAccount: object they can do the following:
Note that annotations will not be applied to any KSA if the create bool is false.
I feel like this PR dove tales with the Allow custom webserver port PR.
My ultimate goal is a drone running with out root (using port 8080), with a KSA that we choose (named predictably 'drone')