[helm] support using user-created serviceAccount and clusterRole #5593

@pkoutsovasilis pkoutsovasilis commented Sep 23, 2024

What does this PR do?

This PR introduces the capability for users to bind agent presets with custom service accounts and cluster roles, rather than relying solely on auto-generated or default configurations. This allows greater control over security and permissions for agent interactions. Additionally, it provides support for adding annotations to these bindings, allowing for custom metadata that can be leveraged by observability and monitoring tools to enhance tracking, auditing, and configuration management.

Why is it important?

This added flexibility ensures that the Helm chart can be better aligned with organizational policies and infrastructure requirements of users.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in ./changelog/fragments using the changelog tool
  • I have added an integration test or an E2E test

Disruptive User Impact

N/A

How to test this PR locally

mage helm:renderExamples
mage integration:kubernetesMatrix

Related issues

@pkoutsovasilis pkoutsovasilis force-pushed the pkoutsovasilis/helm_service_account branch from 1f67a7d to 6567ef6 Compare September 23, 2024 08:07

mergify bot commented Sep 23, 2024

This pull request does not have a backport label. Could you fix it @pkoutsovasilis? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-./d./d is the label to automatically backport to the 8./d branch. /d is the digit


mergify bot commented Sep 23, 2024

backport-v8.x has been added to help with the transition to the new branch 8.x.
If you don't need it please use backport-skip label and remove the backport-8.x label.

@mergify mergify bot added the backport-8.x Automated backport to the 8.x branch with mergify label Sep 23, 2024

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

@pkoutsovasilis pkoutsovasilis changed the title feat: support using user-created serviceAccount and clusterRole [heom] support using user-created serviceAccount and clusterRole Oct 29, 2024
@pkoutsovasilis pkoutsovasilis changed the title [heom] support using user-created serviceAccount and clusterRole [helm] support using user-created serviceAccount and clusterRole Oct 29, 2024
@pkoutsovasilis pkoutsovasilis force-pushed the pkoutsovasilis/helm_service_account branch 2 times, most recently from 7aa5a6e to bdb81d0 Compare October 31, 2024 09:34
@pkoutsovasilis pkoutsovasilis added the enhancement New feature or request label Oct 31, 2024
@pkoutsovasilis pkoutsovasilis marked this pull request as ready for review October 31, 2024 11:15
@pkoutsovasilis pkoutsovasilis requested a review from a team as a code owner October 31, 2024 11:15
@pkoutsovasilis pkoutsovasilis added the backport-8.16 Automated backport with mergify label Oct 31, 2024
@pierrehilbert pierrehilbert added the Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team label Oct 31, 2024
@elasticmachine

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

@pkoutsovasilis pkoutsovasilis force-pushed the pkoutsovasilis/helm_service_account branch from 19ae4ec to 6668f5a Compare November 6, 2024 07:06

@swiatekm swiatekm left a comment

Overall this looks good, had questions about a few parts.

@pkoutsovasilis pkoutsovasilis force-pushed the pkoutsovasilis/helm_service_account branch from 8ce3bbf to d5b7191 Compare November 6, 2024 15:51

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube


@swiatekm swiatekm left a comment

Nice!

@pkoutsovasilis pkoutsovasilis merged commit 5ac225d into elastic:main Nov 8, 2024
9 checks passed
@pkoutsovasilis pkoutsovasilis deleted the pkoutsovasilis/helm_service_account branch November 8, 2024 08:29
mergify bot pushed a commit that referenced this pull request Nov 8, 2024
* feat: support using user-created serviceAccount and clusterRole

* feat: add support for defining automountServiceAccountToken per preset

* fix: add preset-wide annotations to serviceaccount, clusterrole, clusterrolebinding

(cherry picked from commit 5ac225d)
mergify bot pushed a commit that referenced this pull request Nov 8, 2024
* feat: support using user-created serviceAccount and clusterRole

* feat: add support for defining automountServiceAccountToken per preset

* fix: add preset-wide annotations to serviceaccount, clusterrole, clusterrolebinding

(cherry picked from commit 5ac225d)
pkoutsovasilis added a commit that referenced this pull request Nov 8, 2024
…t and clusterRole (#5977)

* [helm] support using user-created serviceAccount and clusterRole (#5593)

* feat: support using user-created serviceAccount and clusterRole

* feat: add support for defining automountServiceAccountToken per preset

* fix: add preset-wide annotations to serviceaccount, clusterrole, clusterrolebinding

(cherry picked from commit 5ac225d)

* fix: render helm chart examples

---------

Co-authored-by: Panos Koutsovasilis <panos.koutsovasilis@elastic.co>
pkoutsovasilis added a commit that referenced this pull request Nov 8, 2024
…nt and clusterRole (#5976)

* [helm] support using user-created serviceAccount and clusterRole (#5593)

* feat: support using user-created serviceAccount and clusterRole

* feat: add support for defining automountServiceAccountToken per preset

* fix: add preset-wide annotations to serviceaccount, clusterrole, clusterrolebinding

(cherry picked from commit 5ac225d)

* fix: render helm chart examples

---------

Co-authored-by: Panos Koutsovasilis <panos.koutsovasilis@elastic.co>
Labels
backport-8.x Automated backport to the 8.x branch with mergify backport-8.16 Automated backport with mergify enhancement New feature or request skip-changelog Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team