use service account key in helm

Author: Gleb Mishchenko

helm/yandex-cloud-connectors/templates/system/deployment.yaml

@@ -20,6 +20,8 @@ spec:
       containers:
         - image: {{ .Values.imageRegistry }}/manager:{{ .Chart.AppVersion }}
           args:
+            - --service-account-key-file
+            - /secret/key
             {{ if .Values.debug }}- --debug{{ end }}
           name: manager
           securityContext:
@@ -51,8 +53,14 @@ spec:
             - mountPath: /etc/yandex-cloud-connectors/certs
               name: tls-certificate
               readOnly: true
+            - mountPath: /secret
+              name: sakey
+              readOnly: true
       volumes:
         - name: tls-certificate
           secret:
             secretName: webhook-tls-cert
+        - name: sakey
+          secret:
+            secretName: connector-sakey-secret
       terminationGracePeriodSeconds: 10

helm/yandex-cloud-connectors/templates/system/sakey-secret.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: connector-sakey-secret
+  namespace: {{ .Values.namespace }}
+stringData:
+  key: |
+{{ required "saKey value is required to be set on install" .Values.saKey | indent 4}}

helm/yandex-cloud-connectors/values.yaml

@@ -1,3 +1,5 @@
 namespace: yandex-cloud-connectors
 imageRegistry: cr.yandex/yc/cloud-connectors
 debug: false
+saKey:
+