#190 Allow set Jenkins master service account annotations

2020-01-11 10:31:18 +01:00 · 2020-01-11 10:31:18 +01:00 · 7dd2ff1b1b
parent b27aef1808
commit 7dd2ff1b1b
5 changed files with 76 additions and 14 deletions
--- a/pkg/apis/jenkins/v1alpha2/jenkins_types.go
+++ b/pkg/apis/jenkins/v1alpha2/jenkins_types.go
@ -57,6 +57,20 @@ type JenkinsSpec struct {
 	// Roles defines list of extra RBAC roles for the Jenkins Master pod service account
 	// +optional
 	Roles []rbacv1.RoleRef `json:"roles,omitempty"`
+
+	// ServiceAccount defines Jenkins master service account attributes
+	// +optional
+	ServiceAccount ServiceAccount `json:"serviceAccount,omitempty"`
+}
+
+// ServiceAccount defines Kubernetes service account attributes
+type ServiceAccount struct {
+	// Annotations is an unstructured key value map stored with a resource that may be
+	// set by external tools to store and retrieve arbitrary metadata. They are not
+	// queryable and should be preserved when modifying objects.
+	// More info: http://kubernetes.io/docs/user-guide/annotations
+	// +optional
+	Annotations map[string]string `json:"annotations,omitempty"`
 }

 // NotificationLevel defines the level of a Notification
--- a/pkg/apis/jenkins/v1alpha2/zz_generated.deepcopy.go
+++ b/pkg/apis/jenkins/v1alpha2/zz_generated.deepcopy.go
@ -375,6 +375,7 @@ func (in *JenkinsSpec) DeepCopyInto(out *JenkinsSpec) {
 		*out = make([]rbacv1.RoleRef, len(*in))
 		copy(*out, *in)
 	}
+	in.ServiceAccount.DeepCopyInto(&out.ServiceAccount)
 	return
 }

@ -631,6 +632,29 @@ func (in *Service) DeepCopy() *Service {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ServiceAccount) DeepCopyInto(out *ServiceAccount) {
+	*out = *in
+	if in.Annotations != nil {
+		in, out := &in.Annotations, &out.Annotations
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccount.
+func (in *ServiceAccount) DeepCopy() *ServiceAccount {
+	if in == nil {
+		return nil
+	}
+	out := new(ServiceAccount)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Slack) DeepCopyInto(out *Slack) {
 	*out = *in
--- a/pkg/controller/jenkins/configuration/base/reconcile.go
+++ b/pkg/controller/jenkins/configuration/base/reconcile.go
@ -340,13 +340,36 @@ func (r *ReconcileJenkinsBaseConfiguration) addLabelForWatchesResources(customiz
 	return nil
 }

-func (r *ReconcileJenkinsBaseConfiguration) createRBAC(meta metav1.ObjectMeta) error {
-	serviceAccount := resources.NewServiceAccount(meta)
-	err := r.CreateResource(serviceAccount)
-	if err != nil && !apierrors.IsAlreadyExists(err) {
+func (r *ReconcileJenkinsBaseConfiguration) createServiceAccount(meta metav1.ObjectMeta) error {
+	serviceAccount := &corev1.ServiceAccount{}
+	err := r.Client.Get(context.TODO(), types.NamespacedName{Name: meta.Name, Namespace: meta.Namespace}, serviceAccount)
+	if err != nil && apierrors.IsNotFound(err) {
+		serviceAccount = resources.NewServiceAccount(meta, r.Configuration.Jenkins.Spec.ServiceAccount.Annotations)
+		if err = r.CreateResource(serviceAccount); err != nil {
+			return stackerr.WithStack(err)
+		}
+	} else if err != nil {
 		return stackerr.WithStack(err)
 	}

+	if !compareAnnotations(r.Configuration.Jenkins.Spec.ServiceAccount.Annotations, serviceAccount.Annotations) {
+		for key, value := range r.Configuration.Jenkins.Spec.ServiceAccount.Annotations {
+			serviceAccount.Annotations[key] = value
+		}
+		if err = r.UpdateResource(serviceAccount); err != nil {
+			return stackerr.WithStack(err)
+		}
+	}
+
+	return nil
+}
+
+func (r *ReconcileJenkinsBaseConfiguration) createRBAC(meta metav1.ObjectMeta) error {
+	err := r.createServiceAccount(meta)
+	if err != nil {
+		return err
+	}
+
 	role := resources.NewRole(meta)
 	err = r.CreateOrUpdateResource(role)
 	if err != nil {
@ -603,7 +626,7 @@ func (r *ReconcileJenkinsBaseConfiguration) checkForPodRecreation(currentJenkins
 	}

 	if len(r.Configuration.Jenkins.Spec.Master.Annotations) > 0 &&
-		!comparePodAnnotations(r.Configuration.Jenkins.Spec.Master.Annotations, currentJenkinsMasterPod.ObjectMeta.Annotations) {
+		!compareAnnotations(r.Configuration.Jenkins.Spec.Master.Annotations, currentJenkinsMasterPod.ObjectMeta.Annotations) {
 		messages = append(messages, "Jenkins pod annotations have changed")
 		verbose = append(verbose, fmt.Sprintf("Jenkins pod annotations have changed, actual '%+v' required '%+v'",
 			currentJenkinsMasterPod.ObjectMeta.Annotations, r.Configuration.Jenkins.Spec.Master.Annotations))
@ -738,7 +761,7 @@ func compareImagePullSecrets(expected, actual []corev1.LocalObjectReference) boo
 	return true
 }

-func comparePodAnnotations(expected, actual map[string]string) bool {
+func compareAnnotations(expected, actual map[string]string) bool {
 	for expectedKey, expectedValue := range expected {
 		actualValue, found := actual[expectedKey]
 		if !found {
--- a/pkg/controller/jenkins/configuration/base/reconcile_test.go
+++ b/pkg/controller/jenkins/configuration/base/reconcile_test.go
@ -659,7 +659,7 @@ func TestComparePodAnnotations(t *testing.T) {
 		expectedAnnotations := map[string]string{}
 		actualAnnotations := map[string]string{}

-		got := comparePodAnnotations(expectedAnnotations, actualAnnotations)
+		got := compareAnnotations(expectedAnnotations, actualAnnotations)

 		assert.True(t, got)
 	})
@ -667,7 +667,7 @@ func TestComparePodAnnotations(t *testing.T) {
 		expectedAnnotations := map[string]string{"one": "two"}
 		actualAnnotations := expectedAnnotations

-		got := comparePodAnnotations(expectedAnnotations, actualAnnotations)
+		got := compareAnnotations(expectedAnnotations, actualAnnotations)

 		assert.True(t, got)
 	})
@ -675,7 +675,7 @@ func TestComparePodAnnotations(t *testing.T) {
 		expectedAnnotations := map[string]string{"one": "two"}
 		actualAnnotations := map[string]string{"one": "two", "three": "four"}

-		got := comparePodAnnotations(expectedAnnotations, actualAnnotations)
+		got := compareAnnotations(expectedAnnotations, actualAnnotations)

 		assert.True(t, got)
 	})
@ -683,7 +683,7 @@ func TestComparePodAnnotations(t *testing.T) {
 		expectedAnnotations := map[string]string{"one": "two"}
 		actualAnnotations := map[string]string{"three": "four"}

-		got := comparePodAnnotations(expectedAnnotations, actualAnnotations)
+		got := compareAnnotations(expectedAnnotations, actualAnnotations)

 		assert.False(t, got)
 	})
@ -691,7 +691,7 @@ func TestComparePodAnnotations(t *testing.T) {
 		expectedAnnotations := map[string]string{"one": "two"}
 		actualAnnotations := map[string]string{"one": "three"}

-		got := comparePodAnnotations(expectedAnnotations, actualAnnotations)
+		got := compareAnnotations(expectedAnnotations, actualAnnotations)

 		assert.False(t, got)
 	})
@ -699,7 +699,7 @@ func TestComparePodAnnotations(t *testing.T) {
 		expectedAnnotations := map[string]string{"one": "two", "missing": "something"}
 		actualAnnotations := map[string]string{"one": "three"}

-		got := comparePodAnnotations(expectedAnnotations, actualAnnotations)
+		got := compareAnnotations(expectedAnnotations, actualAnnotations)

 		assert.False(t, got)
 	})
--- a/pkg/controller/jenkins/configuration/base/resources/service_account.go
+++ b/pkg/controller/jenkins/configuration/base/resources/service_account.go
@ -5,8 +5,9 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

-// NewServiceAccount return kubernetes service account
-func NewServiceAccount(meta metav1.ObjectMeta) *v1.ServiceAccount {
+// NewServiceAccount return Kubernetes service account
+func NewServiceAccount(meta metav1.ObjectMeta, annotations map[string]string) *v1.ServiceAccount {
+	meta.Annotations = annotations
 	return &v1.ServiceAccount{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "ServiceAccount",