From 94e7fd777e282a8d03d1ee2e8d986ef8ac98c9a3 Mon Sep 17 00:00:00 2001
From: Leo J <153937047+leiicamundi@users.noreply.github.com>
Date: Mon, 14 Oct 2024 20:05:40 +0200
Subject: [PATCH] add irsa for all accounts

---
 .../helm-values/values-domain.yml             | 43 +++++++++++++++-
 .../helm-values/values-no-domain.yml          | 50 +++++++++++++++++++
 2 files changed, 92 insertions(+), 1 deletion(-)

diff --git a/examples/camunda-8.6-irsa/helm-values/values-domain.yml b/examples/camunda-8.6-irsa/helm-values/values-domain.yml
index 0f277510..cc22c0cb 100644
--- a/examples/camunda-8.6-irsa/helm-values/values-domain.yml
+++ b/examples/camunda-8.6-irsa/helm-values/values-domain.yml
@@ -1,8 +1,9 @@
 ---
 identityKeycloak:
     serviceAccount:
-        name: ''
+        name: ${CAMUNDA_KEYCLOAK_SERVICE_ACCOUNT_NAME}
         annotations:
+            eks.amazonaws.com/role-arn: ${DB_ROLE_ARN}
 
     postgresql:
         enabled: false
@@ -10,6 +11,7 @@ identityKeycloak:
         host: ${DB_HOST}
         user: ${PG_USERNAME}
         database: ${DEFAULT_DB_NAME}
+
     extraEnvVars:
         - name: KEYCLOAK_EXTRA_ARGS
           value: --db-driver=software.amazon.jdbc.Driver --transaction-xa-enabled=false --log-level=INFO,software.amazon.jdbc:INFO
@@ -25,6 +27,10 @@ global:
         enabled: true
         aws:
             enabled: true
+        url:
+            protocol: https
+            host: ${OPENSEARCH_HOST}
+            port: 443
 
     ingress:
         enabled: true
@@ -44,19 +50,51 @@ global:
             optimize:
                 redirectUrl: https://${DOMAIN_NAME}/optimize
 
+webModeler:
+    serviceAccount:
+        name: ${CAMUNDA_WEBMODELER_SERVICE_ACCOUNT_NAME}
+        annotations:
+            eks.amazonaws.com/role-arn: ${DB_ROLE_ARN}
+
 identity:
     contextPath: /identity
     fullURL: https://${DOMAIN_NAME}/identity
 
+    serviceAccount:
+        name: ${CAMUNDA_IDENTITY_SERVICE_ACCOUNT_NAME}
+        annotations:
+            eks.amazonaws.com/role-arn: ${DB_ROLE_ARN}
+
 operate:
     contextPath: /operate
 
+    serviceAccount:
+        name: ${CAMUNDA_OPERATE_SERVICE_ACCOUNT_NAME}
+        annotations:
+            eks.amazonaws.com/role-arn: ${OPENSEARCH_ROLE_ARN}
+
 tasklist:
     contextPath: /tasklist
 
+    serviceAccount:
+        name: ${CAMUNDA_TASKLIST_SERVICE_ACCOUNT_NAME}
+        annotations:
+            eks.amazonaws.com/role-arn: ${OPENSEARCH_ROLE_ARN}
+
 optimize:
     contextPath: /optimize
 
+    serviceAccount:
+        name: ${CAMUNDA_OPTIMIZE_SERVICE_ACCOUNT_NAME}
+        annotations:
+            eks.amazonaws.com/role-arn: ${OPENSEARCH_ROLE_ARN}
+
+zeebe:
+    serviceAccount:
+        name: ${CAMUNDA_ZEEBE_SERVICE_ACCOUNT_NAME}
+        annotations:
+            eks.amazonaws.com/role-arn: ${OPENSEARCH_ROLE_ARN}
+
 zeebeGateway:
     ingress:
         grpc:
@@ -68,3 +106,6 @@ zeebeGateway:
             annotations:
                 kubernetes.io/tls-acme: 'true'
     contextPath: /zeebe
+
+elasticsearch:
+    enabled: false
diff --git a/examples/camunda-8.6-irsa/helm-values/values-no-domain.yml b/examples/camunda-8.6-irsa/helm-values/values-no-domain.yml
index 60e82b98..326f59c1 100644
--- a/examples/camunda-8.6-irsa/helm-values/values-no-domain.yml
+++ b/examples/camunda-8.6-irsa/helm-values/values-no-domain.yml
@@ -1,11 +1,17 @@
 ---
 identityKeycloak:
+    serviceAccount:
+        name: ${CAMUNDA_KEYCLOAK_SERVICE_ACCOUNT_NAME}
+        annotations:
+            eks.amazonaws.com/role-arn: ${DB_ROLE_ARN}
+
     postgresql:
         enabled: false
     externalDatabase:
         host: ${DB_HOST}
         user: ${PG_USERNAME}
         database: ${DEFAULT_DB_NAME}
+
     extraEnvVars:
         - name: KEYCLOAK_EXTRA_ARGS
           value: --db-driver=software.amazon.jdbc.Driver --transaction-xa-enabled=false --log-level=INFO,software.amazon.jdbc:INFO
@@ -21,3 +27,47 @@ global:
         enabled: true
         aws:
             enabled: true
+        url:
+            protocol: https
+            host: ${OPENSEARCH_HOST}
+            port: 443
+
+webModeler:
+    serviceAccount:
+        name: ${CAMUNDA_WEBMODELER_SERVICE_ACCOUNT_NAME}
+        annotations:
+            eks.amazonaws.com/role-arn: ${DB_ROLE_ARN}
+
+identity:
+    serviceAccount:
+        name: ${CAMUNDA_IDENTITY_SERVICE_ACCOUNT_NAME}
+        annotations:
+            eks.amazonaws.com/role-arn: ${DB_ROLE_ARN}
+
+
+zeebe:
+    serviceAccount:
+        name: ${CAMUNDA_ZEEBE_SERVICE_ACCOUNT_NAME}
+        annotations:
+            eks.amazonaws.com/role-arn: ${OPENSEARCH_ROLE_ARN}
+
+operate:
+    serviceAccount:
+        name: ${CAMUNDA_OPERATE_SERVICE_ACCOUNT_NAME}
+        annotations:
+            eks.amazonaws.com/role-arn: ${OPENSEARCH_ROLE_ARN}
+
+tasklist:
+    serviceAccount:
+        name: ${CAMUNDA_TASKLIST_SERVICE_ACCOUNT_NAME}
+        annotations:
+            eks.amazonaws.com/role-arn: ${OPENSEARCH_ROLE_ARN}
+
+optimize:
+    serviceAccount:
+        name: ${CAMUNDA_OPTIMIZE_SERVICE_ACCOUNT_NAME}
+        annotations:
+            eks.amazonaws.com/role-arn: ${OPENSEARCH_ROLE_ARN}
+
+elasticsearch:
+    enabled: false