Skip to content

feat(argo-rollouts): make make automountServiceAccountToken configurable#3562

Closed
bianchi2 wants to merge 9 commits intoargoproj:mainfrom
bianchi2:make-automountserviceaccounttoken-configurable
Closed

feat(argo-rollouts): make make automountServiceAccountToken configurable#3562
bianchi2 wants to merge 9 commits intoargoproj:mainfrom
bianchi2:make-automountserviceaccounttoken-configurable

Conversation

@bianchi2
Copy link
Copy Markdown

@bianchi2 bianchi2 commented Nov 3, 2025
edited
Loading

It's common that automountServiceAccountToken is enforced to false in enterprize clusters (token is mounted via projected volume). This PR makes it possible to set serviceAccount.automountServiceAccountToken to false.

Checklist:

  • I have bumped the chart version according to versioning
  • I have updated the documentation according to documentation
  • I have updated the chart changelog with all the changes that come with this pull request according to changelog.
  • Any new values are backwards compatible and/or have sensible default.
  • I have signed off all my commits as required by DCO.
  • I have created a separate pull request for each chart according to pull requests
  • My build is green (troubleshooting builds).

@bianchi2 bianchi2 changed the title Make make automountServiceAccountToken configurable feat(argo-workflows): make make automountServiceAccountToken configurable Nov 3, 2025
@bianchi2
Make make automountServiceSccountToken configurable
9da3cc9 
Signed-off-by: Yevhen Ivantsov <yivantsov@atlassian.com>
@bianchi2
Bump chart version and edit changes
79fe2c1 
Signed-off-by: Yevhen Ivantsov <yivantsov@atlassian.com>
@bianchi2 bianchi2 force-pushed the make-automountserviceaccounttoken-configurable branch from dea347f to 79fe2c1 Compare November 3, 2025 00:21
@github-actions github-actions Bot added the size/S label Nov 3, 2025
@bianchi2 bianchi2 changed the title feat(argo-workflows): make make automountServiceAccountToken configurable feat(argo-rollouts): make make automountServiceAccountToken configurable Nov 3, 2025
yu-croco
yu-croco reviewed Nov 4, 2025
View reviewed changes
Comment thread charts/argo-rollouts/templates/controller/deployment.yaml Outdated
Comment on lines +48 to +50
{{- if ne .Values.serviceAccount.automountServiceAccountToken nil }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- end }}
Copy link
Copy Markdown
Collaborator

@yu-croco yu-croco Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I want to follow the existing logics and default value in argo-helm. 😃
Ref:

Copy link
Copy Markdown
Author

@bianchi2 bianchi2 Nov 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@yu-croco thanks, I wanted to keep default rendered templates as is but it indeed makes sense to set it to true provided that it's the default anyways and other argocd charts use this pattern. Just committed the change.

@bianchi2
Set default value
b6d648e 
Signed-off-by: Yevhen Ivantsov <yivantsov@atlassian.com>
yu-croco
yu-croco reviewed Nov 6, 2025
View reviewed changes
Comment thread charts/argo-rollouts/Chart.yaml Outdated
@@ -20,3 +20,5 @@ annotations:
artifacthub.io/changes: |
- kind: changed
Copy link
Copy Markdown
Collaborator

@yu-croco yu-croco Nov 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please remove old one.

Copy link
Copy Markdown
Author

@bianchi2 bianchi2 Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bianchi2
Update changelog
845f3ec 
Signed-off-by: Yevhen Ivantsov <yivantsov@atlassian.com>
@bianchi2 bianchi2 force-pushed the make-automountserviceaccounttoken-configurable branch from ca152d6 to cf98c2c Compare November 7, 2025 01:23
@bianchi2
Update README
9e67275 
Signed-off-by: Yevhen Ivantsov <yivantsov@atlassian.com>
@bianchi2 bianchi2 force-pushed the make-automountserviceaccounttoken-configurable branch from cf98c2c to 9e67275 Compare November 7, 2025 01:24
yu-croco
yu-croco reviewed Nov 7, 2025
View reviewed changes
Comment thread charts/argo-rollouts/templates/controller/serviceaccount.yaml
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
Copy link
Copy Markdown
Collaborator

@yu-croco yu-croco Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In existing logic, deployment and Service have their own parameters.
https://github.com/argoproj/argo-helm/blob/main/charts/argo-cd/values.yaml#L971-L984

Copy link
Copy Markdown
Author

@bianchi2 bianchi2 Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Created controller.automountServiceAccountToken to use in deployment template.

yu-croco
yu-croco reviewed Nov 7, 2025
View reviewed changes
Comment thread charts/argo-rollouts/README.md Outdated
| podLabels | object | `{}` | Labels to be added to the Rollout pods |
| podSecurityContext | object | `{"runAsNonRoot":true}` | Security Context to set on pod level |
| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
| serviceAccount.automountServiceAccountToken | bool | `true` | Specifies whether a service account token should be automatically mounted into pods Defaults to true when unspecified. Set to 'false' if you are using projected tokens. |
Copy link
Copy Markdown
Collaborator

@yu-croco yu-croco Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We want to align the descriptions. 😄

Copy link
Copy Markdown
Author

@bianchi2 bianchi2 Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copied comments as is.

@yu-croco yu-croco requested a review from tico24 as a code owner November 11, 2025 23:36
@bianchi2
Copy link
Copy Markdown
Author

bianchi2 commented Dec 4, 2025

@tico24 any chance to review this one? Thanks

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Feb 3, 2026

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions Bot closed this Feb 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yu-croco yu-croco yu-croco left review comments

@jmeridth jmeridth Awaiting requested review from jmeridth jmeridth is a code owner

@tico24 tico24 Awaiting requested review from tico24 tico24 is a code owner

Assignees

No one assigned

Labels

argo-rollouts no-pr-activity size/S

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bianchi2 @yu-croco