feat(helm): add a service account for the registry

The annotations of the service account are configurable through helm values.

helm/kube-image-keeper/templates/registry-deployment.yaml

@@ -26,6 +26,7 @@ spec:
       {{- if .Values.registry.priorityClassName }}
       priorityClassName: {{ .Values.registry.priorityClassName | quote }}
       {{- end }}
+      serviceAccountName: {{ include "kube-image-keeper.fullname" . }}-registry
       securityContext:
         {{- toYaml .Values.registry.podSecurityContext | nindent 8 }}
       containers:

helm/kube-image-keeper/templates/registry-serviceaccount.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "kube-image-keeper.fullname" . }}-registry
+  labels:
+    {{- include "kube-image-keeper.labels" . | nindent 4 }}
+  {{- with .Values.registry.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}

helm/kube-image-keeper/templates/registry-statefulset.yaml

@@ -31,6 +31,7 @@ spec:
       {{- if .Values.registry.priorityClassName }}
       priorityClassName: {{ .Values.registry.priorityClassName | quote }}
       {{- end }}
+      serviceAccountName: {{ include "kube-image-keeper.fullname" . }}-registry
       securityContext:
         {{- toYaml .Values.registry.podSecurityContext | nindent 8 }}
       {{- if .Values.registry.persistence.enabled }}

helm/kube-image-keeper/values.yaml

@@ -257,6 +257,9 @@ registry:
     extraLabels: {}
     # -- Relabel config for the ServiceMonitor, see: https://coreos.com/operators/prometheus/docs/latest/api.html#relabelconfig
     relabelings: []
+  serviceAccount:
+    # -- Annotations to add to the servicateAccount
+    annotations: {}
 
 registryUI:
   # -- If true, enable the registry user interface