kubernetes - helm install 时如何创建 kubernetes serviceAccount？

Question

我在我的 values.yaml 中添加了这个，希望在我执行 helm 安装时创建 serviceAccount，但那没有用，我是不是遗漏了什么？

• helm 版本 v3.9.0
• kubernetes 版本 v1.24.0

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: my-service-account

我什至尝试添加以下内容(基于 https://helm.sh/docs/chart_best_practices/rbac/#helm )，但没有成功:

rbac:
  # Specifies whether RBAC resources should be created
  create: true

谢谢

Answer 1

感谢您的帮助，我最终将此文件放在模板目录中，以便按照您提到的方式对其进行处理，我使用 helm 查找来检查 ServiceAccount 是否存在，因此第一个 helm install 进行安装(https://helm.sh/docs/chart_template_guide/functions_and_pipelines/#using-the-lookup-function)

{{- if not (lookup "v1" "ServiceAccount" "my-namespace" "my-service-account") }}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-service-account
  namespace: {{ .Values.namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: my-cluster-role
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: my-cluster-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: my-cluster-role
subjects:
- kind: ServiceAccount
  name: my-service-account
  namespace: {{ .Values.namespace }}    
{{- end }}