public_git
/
kubernetes-operator
mirror of https://github.com/jenkinsci/kubernetes-operator.git
1
0
Fork 0
Code Issues Releases Wiki Activity

#190 Allow set Jenkins master service account annotations

This commit is contained in:
Tomasz Sęk 2020-01-11 10:31:18 +01:00
parent b27aef1808
commit 7dd2ff1b1b
No known key found for this signature in database
GPG Key ID: DC356D23F6A644D0
5 changed files with 76 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
pkg/apis/jenkins/v1alpha2/jenkins_types.go
View File

@ -57,6 +57,20 @@ type JenkinsSpec struct {
// Roles defines list of extra RBAC roles for the Jenkins Master pod service account // Roles defines list of extra RBAC roles for the Jenkins Master pod service account
// +optional // +optional
Roles []rbacv1.RoleRef `json:"roles,omitempty"` Roles []rbacv1.RoleRef `json:"roles,omitempty"`
// ServiceAccount defines Jenkins master service account attributes
// +optional
ServiceAccount ServiceAccount `json:"serviceAccount,omitempty"`
}
// ServiceAccount defines Kubernetes service account attributes
type ServiceAccount struct {
// Annotations is an unstructured key value map stored with a resource that may be
// set by external tools to store and retrieve arbitrary metadata. They are not
// queryable and should be preserved when modifying objects.
// More info: http://kubernetes.io/docs/user-guide/annotations
// +optional
Annotations map[string]string `json:"annotations,omitempty"`
} }
// NotificationLevel defines the level of a Notification // NotificationLevel defines the level of a Notification

24
pkg/apis/jenkins/v1alpha2/zz_generated.deepcopy.go
View File

@ -375,6 +375,7 @@ func (in *JenkinsSpec) DeepCopyInto(out *JenkinsSpec) {
*out = make([]rbacv1.RoleRef, len(*in)) *out = make([]rbacv1.RoleRef, len(*in))
copy(*out, *in) copy(*out, *in)
} }
in.ServiceAccount.DeepCopyInto(&out.ServiceAccount)
return return
} }
@ -631,6 +632,29 @@ func (in *Service) DeepCopy() *Service {
return out return out
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ServiceAccount) DeepCopyInto(out *ServiceAccount) {
*out = *in
if in.Annotations != nil {
in, out := &in.Annotations, &out.Annotations
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccount.
func (in *ServiceAccount) DeepCopy() *ServiceAccount {
if in == nil {
return nil
}
out := new(ServiceAccount)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Slack) DeepCopyInto(out *Slack) { func (in *Slack) DeepCopyInto(out *Slack) {
*out = *in *out = *in

35
pkg/controller/jenkins/configuration/base/reconcile.go
View File

@ -340,13 +340,36 @@ func (r *ReconcileJenkinsBaseConfiguration) addLabelForWatchesResources(customiz
return nil return nil
} }
func (r *ReconcileJenkinsBaseConfiguration) createRBAC(meta metav1.ObjectMeta) error { func (r *ReconcileJenkinsBaseConfiguration) createServiceAccount(meta metav1.ObjectMeta) error {
serviceAccount := resources.NewServiceAccount(meta) serviceAccount := &corev1.ServiceAccount{}
err := r.CreateResource(serviceAccount) err := r.Client.Get(context.TODO(), types.NamespacedName{Name: meta.Name, Namespace: meta.Namespace}, serviceAccount)
if err != nil && !apierrors.IsAlreadyExists(err) { if err != nil && apierrors.IsNotFound(err) {
serviceAccount = resources.NewServiceAccount(meta, r.Configuration.Jenkins.Spec.ServiceAccount.Annotations)
if err = r.CreateResource(serviceAccount); err != nil {
return stackerr.WithStack(err)
}
} else if err != nil {
return stackerr.WithStack(err) return stackerr.WithStack(err)
} }
if !compareAnnotations(r.Configuration.Jenkins.Spec.ServiceAccount.Annotations, serviceAccount.Annotations) {
for key, value := range r.Configuration.Jenkins.Spec.ServiceAccount.Annotations {
serviceAccount.Annotations[key] = value
}
if err = r.UpdateResource(serviceAccount); err != nil {
return stackerr.WithStack(err)
}
}
return nil
}
func (r *ReconcileJenkinsBaseConfiguration) createRBAC(meta metav1.ObjectMeta) error {
err := r.createServiceAccount(meta)
if err != nil {
return err
}
role := resources.NewRole(meta) role := resources.NewRole(meta)
err = r.CreateOrUpdateResource(role) err = r.CreateOrUpdateResource(role)
if err != nil { if err != nil {
@ -603,7 +626,7 @@ func (r *ReconcileJenkinsBaseConfiguration) checkForPodRecreation(currentJenkins
} }
if len(r.Configuration.Jenkins.Spec.Master.Annotations) > 0 && if len(r.Configuration.Jenkins.Spec.Master.Annotations) > 0 &&
!comparePodAnnotations(r.Configuration.Jenkins.Spec.Master.Annotations, currentJenkinsMasterPod.ObjectMeta.Annotations) { !compareAnnotations(r.Configuration.Jenkins.Spec.Master.Annotations, currentJenkinsMasterPod.ObjectMeta.Annotations) {
messages = append(messages, "Jenkins pod annotations have changed") messages = append(messages, "Jenkins pod annotations have changed")
verbose = append(verbose, fmt.Sprintf("Jenkins pod annotations have changed, actual '%+v' required '%+v'", verbose = append(verbose, fmt.Sprintf("Jenkins pod annotations have changed, actual '%+v' required '%+v'",
currentJenkinsMasterPod.ObjectMeta.Annotations, r.Configuration.Jenkins.Spec.Master.Annotations)) currentJenkinsMasterPod.ObjectMeta.Annotations, r.Configuration.Jenkins.Spec.Master.Annotations))
@ -738,7 +761,7 @@ func compareImagePullSecrets(expected, actual []corev1.LocalObjectReference) boo
return true return true
} }
func comparePodAnnotations(expected, actual map[string]string) bool { func compareAnnotations(expected, actual map[string]string) bool {
for expectedKey, expectedValue := range expected { for expectedKey, expectedValue := range expected {
actualValue, found := actual[expectedKey] actualValue, found := actual[expectedKey]
if !found { if !found {

12
pkg/controller/jenkins/configuration/base/reconcile_test.go
View File

@ -659,7 +659,7 @@ func TestComparePodAnnotations(t *testing.T) {
expectedAnnotations := map[string]string{} expectedAnnotations := map[string]string{}
actualAnnotations := map[string]string{} actualAnnotations := map[string]string{}
got := comparePodAnnotations(expectedAnnotations, actualAnnotations) got := compareAnnotations(expectedAnnotations, actualAnnotations)
assert.True(t, got) assert.True(t, got)
}) })
@ -667,7 +667,7 @@ func TestComparePodAnnotations(t *testing.T) {
expectedAnnotations := map[string]string{"one": "two"} expectedAnnotations := map[string]string{"one": "two"}
actualAnnotations := expectedAnnotations actualAnnotations := expectedAnnotations
got := comparePodAnnotations(expectedAnnotations, actualAnnotations) got := compareAnnotations(expectedAnnotations, actualAnnotations)
assert.True(t, got) assert.True(t, got)
}) })
@ -675,7 +675,7 @@ func TestComparePodAnnotations(t *testing.T) {
expectedAnnotations := map[string]string{"one": "two"} expectedAnnotations := map[string]string{"one": "two"}
actualAnnotations := map[string]string{"one": "two", "three": "four"} actualAnnotations := map[string]string{"one": "two", "three": "four"}
got := comparePodAnnotations(expectedAnnotations, actualAnnotations) got := compareAnnotations(expectedAnnotations, actualAnnotations)
assert.True(t, got) assert.True(t, got)
}) })
@ -683,7 +683,7 @@ func TestComparePodAnnotations(t *testing.T) {
expectedAnnotations := map[string]string{"one": "two"} expectedAnnotations := map[string]string{"one": "two"}
actualAnnotations := map[string]string{"three": "four"} actualAnnotations := map[string]string{"three": "four"}
got := comparePodAnnotations(expectedAnnotations, actualAnnotations) got := compareAnnotations(expectedAnnotations, actualAnnotations)
assert.False(t, got) assert.False(t, got)
}) })
@ -691,7 +691,7 @@ func TestComparePodAnnotations(t *testing.T) {
expectedAnnotations := map[string]string{"one": "two"} expectedAnnotations := map[string]string{"one": "two"}
actualAnnotations := map[string]string{"one": "three"} actualAnnotations := map[string]string{"one": "three"}
got := comparePodAnnotations(expectedAnnotations, actualAnnotations) got := compareAnnotations(expectedAnnotations, actualAnnotations)
assert.False(t, got) assert.False(t, got)
}) })
@ -699,7 +699,7 @@ func TestComparePodAnnotations(t *testing.T) {
expectedAnnotations := map[string]string{"one": "two", "missing": "something"} expectedAnnotations := map[string]string{"one": "two", "missing": "something"}
actualAnnotations := map[string]string{"one": "three"} actualAnnotations := map[string]string{"one": "three"}
got := comparePodAnnotations(expectedAnnotations, actualAnnotations) got := compareAnnotations(expectedAnnotations, actualAnnotations)
assert.False(t, got) assert.False(t, got)
}) })

5
pkg/controller/jenkins/configuration/base/resources/service_account.go
View File

@ -5,8 +5,9 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
) )
// NewServiceAccount return kubernetes service account // NewServiceAccount return Kubernetes service account
func NewServiceAccount(meta metav1.ObjectMeta) *v1.ServiceAccount { func NewServiceAccount(meta metav1.ObjectMeta, annotations map[string]string) *v1.ServiceAccount {
meta.Annotations = annotations
return &v1.ServiceAccount{ return &v1.ServiceAccount{
TypeMeta: metav1.TypeMeta{ TypeMeta: metav1.TypeMeta{
Kind: "ServiceAccount", Kind: "ServiceAccount",