opsta · winggundamth · Oct 27, 2025 · Oct 27, 2025
diff --git a/README.md b/README.md
@@ -14,6 +14,10 @@ OneChart is a generic Helm Chart for web applications. The idea is that most Kub
 
 You can also template and install onechart from an OCI repository as follows:
 
+> **Note:** The examples use version `0.77.0`. This will be the unreleased version if you are at the `main` branch.
+
+> You can find the latest released version in the [releases](https://github.com/opsta/onechart/releases) page.
+
 Check the generated Kubernetes yaml:
 
 ```bash

diff --git a/charts/common/templates/_serviceaccount.yaml b/charts/common/templates/_serviceaccount.yaml
@@ -1,10 +1,12 @@
 {{- define "common.serviceaccount.tpl" -}}
-{{- if .Values.serviceaccount }}
+{{- if .Values.serviceAccount.create -}}
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ .Values.serviceAccount }}
+  name: {{ .Values.serviceAccount.name | default (include "onechart.fullname" .) }}
   namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "onechart.labels" . | nindent 4 }}
 {{- end }}
 {{- end -}}
diff --git a/charts/onechart/values.schema.json b/charts/onechart/values.schema.json
@@ -1074,9 +1074,15 @@
             "title": "Mount an existing configMap as a file",
             "type": "object",
             "properties": {
-              "existingConfigMap": {
+              "name": {
                 "type": "string",
                 "title": "Name",
+                "description": "The name of the volume. Used only to recognize the volumes purpose in the config later on",
+                "default": "data"
+              },
+              "existingConfigMap": {
+                "type": "string",
+                "title": "ConfigMap Name",
                 "description": "The name of the configMap to mount",
                 "default": "data"
               },
@@ -1094,6 +1100,7 @@
               }
             },
             "required": [
+              "name",
               "existingConfigMap",
               "path"
             ]
@@ -1131,9 +1138,15 @@
             "title": "Mount an existing secret as a file",
             "type": "object",
             "properties": {
-              "existingSecret": {
+              "name": {
                 "type": "string",
                 "title": "Name",
+                "description": "The name of the volume. Used only to recognize the volumes purpose in the config later on",
+                "default": "data"
+              },
+              "existingSecret": {
+                "type": "string",
+                "title": "Secret Name",
                 "description": "The name of the secret to mount",
                 "default": "data"
               },
@@ -1151,6 +1164,7 @@
               }
             },
             "required": [
+              "name",
               "existingSecret",
               "path"
             ]

diff --git a/charts/onechart/values.yaml b/charts/onechart/values.yaml
@@ -16,7 +16,9 @@ image:
 # vars:
 #   MY_VAR: "value"
 
-serviceAccount: nginx
+serviceAccount:
+  create: false
+  # name: my-service-account
 
 replicas: 1
 

diff --git a/docs/onechart.md b/docs/onechart.md
@@ -88,7 +88,7 @@ image:
   tag: x.y.z
 
 imagePullSecrets:
- - regcred
+  - regcred
 EOF
 
 helm template my-release onechart/onechart -f values.yaml
@@ -282,7 +282,7 @@ The Nginx ingress controller must be set up in your cluster for this setting to
 
 ### HTTPS
 
-To reference a TLS secret use the `tlsEnabled` field. The deployment will point to a secret named: `tls-$.Release.Name`
+To reference a TLS secret use the `tlsEnabled` field. The deployment will point to a secret named using the pattern `tls-<release-name>`.
 
 ```
 cat << EOF > values.yaml
@@ -316,7 +316,6 @@ ingress:
 +   cert-manager.io/cluster-issuer: letsencrypt
   host: my-app.mycompany.com
   tlsEnabled: true
-
 ```
 
 ### Listening on multiple domains
@@ -412,7 +411,7 @@ Enable it with:
 
 ```
 probe:
-  enabled: false
+  enabled: true
   path: "/"
 ```
 
@@ -421,7 +420,7 @@ Check the Kubernetes manifest:
 ```
 cat << EOF > values.yaml
 probe:
-  enabled: false
+  enabled: true
   path: "/"
 EOF
 
@@ -444,13 +443,13 @@ probe:
     failureThreshold: 3
 ```
 
-| Setting             | Description                                                                                                                                     |
-| ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
-| initialDelaySeconds | Number of seconds after the container has started before the probes is initiated.                                                               |
-| periodSeconds       | How often (in seconds) to perform the probe.                                                                                                    |
-| successThreshold    | Minimum consecutive successes for the probe to be considered successful after having failed.                                                    |
-| timeoutSeconds      | Number of seconds after which the probe times out.                                                                                              |
-| failureThreshold    | When a probe fails, Kubernetes will tries this many times before giving up. Giving up the pod will be marked Unready and won't get any traffic. |
+| Setting             | Description                                                                                                                                            |
+| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| initialDelaySeconds | Number of seconds after the container has started before the probes is initiated.                                                                      |
+| periodSeconds       | How often (in seconds) to perform the probe.                                                                                                           |
+| successThreshold    | Minimum consecutive successes for the probe to be considered successful after having failed.                                                           |
+| timeoutSeconds      | Number of seconds after which the probe times out.                                                                                                     |
+| failureThreshold    | When a probe fails, Kubernetes will try this many times before giving up. If it gives up, the pod will be marked Unready and will not receive traffic. |
 
 ## High-Availability
 
@@ -540,7 +539,7 @@ helm template my-release onechart/onechart -f values.yaml
 
 For security reasons, if your application doesn't require root access and writing to the root file system, we recommend you to set `readOnlyRootFilesystem: true` and `runAsNonRoot: true`.
 
-**Example of setting security context for containers**
+### Example of setting security context for containers
 
 ```
 # values.yaml
@@ -549,7 +548,7 @@ securityContext:
   runAsNonRoot: true
 ```
 
-**Example of setting security context for init containers**
+### Example of setting security context for init containers
 
 ```
 # values.yaml

diff --git a/values.yaml b/values.yaml
@@ -14,8 +14,8 @@ volumes:
   - name: empty
     path: /deleteme2
     emptyDir: true
-  - existingSecret: my-secret
-    name: volume-name
+  - name: volume-name
+    existingSecret: my-secret
     path: /randomPath/app.creds
     subPath: app.creds