Convert default account definiton into JSON
parent
e3f7fac443
commit
d99b553ec1
|
|
@ -208,13 +208,11 @@ func (c *Cluster) createPodServiceAccounts() error {
|
||||||
_, err := c.KubeClient.ServiceAccounts(c.Namespace).Get(podServiceAccountName, metav1.GetOptions{})
|
_, err := c.KubeClient.ServiceAccounts(c.Namespace).Get(podServiceAccountName, metav1.GetOptions{})
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.logger.Warnf("the pod service account %q cannot be retrieved in the namespace %q. Stateful sets in the namespace may be unable to create pods. Error: %v", podServiceAccountName, c.Namespace, err)
|
c.logger.Infof("the pod service account %q cannot be retrieved in the namespace %q; stateful sets in the namespace may be unable to create pods. Trying to deploy the account.", podServiceAccountName, c.Namespace)
|
||||||
|
|
||||||
// get a separate copy of service account
|
// get a separate copy of service account
|
||||||
// to prevent a race condition when setting a namespace for many clusters
|
// to prevent a race condition when setting a namespace for many clusters
|
||||||
sa := *c.PodServiceAccount
|
sa := *c.PodServiceAccount
|
||||||
sa.SetNamespace(c.Namespace)
|
|
||||||
|
|
||||||
_, err = c.KubeClient.ServiceAccounts(c.Namespace).Create(&sa)
|
_, err = c.KubeClient.ServiceAccounts(c.Namespace).Create(&sa)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("cannot deploy the pod service account %q defined in the config map to the %q namespace: %v", podServiceAccountName, c.Namespace, err)
|
return fmt.Errorf("cannot deploy the pod service account %q defined in the config map to the %q namespace: %v", podServiceAccountName, c.Namespace, err)
|
||||||
|
|
|
||||||
|
|
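Review bot: The new `Infof` call in the `err != nil` branch drops `err` from the message and treats every failure of `Get` as "account missing", so an RBAC denial or an API outage is logged at info level with its cause lost before the code goes on to `Create`. Branch on the error kind first, for example `if !apierrors.IsNotFound(err) { return fmt.Errorf("cannot retrieve the pod service account %q in the %q namespace: %v", podServiceAccountName, c.Namespace, err) }`, where `apierrors` is `k8s.io/apimachinery/pkg/api/errors`. Only the not-found case should fall through to the deploy path. The body of `createPodServiceAccounts` starts and ends outside this hunk.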
@ -120,6 +120,17 @@ func (c *Controller) initOperatorConfig() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Controller) initPodServiceAccount() {
|
func (c *Controller) initPodServiceAccount() {
|
||||||
|
|
||||||
|
if c.opConfig.PodServiceAccountDefinition == "" {
|
||||||
|
c.opConfig.PodServiceAccountDefinition = `
|
||||||
|
{ "apiVersion": "v1",
|
||||||
|
"kind": "ServiceAccount",
|
||||||
|
"metadata": {
|
||||||
|
"name": "operator"
|
||||||
|
}
|
||||||
|
}`
|
||||||
|
}
|
||||||
|
|
||||||
// re-uses k8s internal parsing. See k8s client-go issue #193 for explanation
|
// re-uses k8s internal parsing. See k8s client-go issue #193 for explanation
|
||||||
decode := scheme.Codecs.UniversalDeserializer().Decode
|
decode := scheme.Codecs.UniversalDeserializer().Decode
|
||||||
obj, groupVersionKind, err := decode([]byte(c.opConfig.PodServiceAccountDefinition), nil, nil)
|
obj, groupVersionKind, err := decode([]byte(c.opConfig.PodServiceAccountDefinition), nil, nil)
|
||||||
|
|
@ -134,6 +145,7 @@ func (c *Controller) initPodServiceAccount() {
|
||||||
if c.PodServiceAccount.Name != c.opConfig.PodServiceAccountName {
|
if c.PodServiceAccount.Name != c.opConfig.PodServiceAccountName {
|
||||||
c.logger.Warnf("in the operator config map, the pod service account name %v does not match the name %v given in the account definition; using the former for consistency", c.opConfig.PodServiceAccountName, c.PodServiceAccount.Name)
|
c.logger.Warnf("in the operator config map, the pod service account name %v does not match the name %v given in the account definition; using the former for consistency", c.opConfig.PodServiceAccountName, c.PodServiceAccount.Name)
|
||||||
c.PodServiceAccount.Name = c.opConfig.PodServiceAccountName
|
c.PodServiceAccount.Name = c.opConfig.PodServiceAccountName
|
||||||
|
c.PodServiceAccount.Namespace = ""
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
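Review bot: As rendered, the added `c.PodServiceAccount.Namespace = ""` sits before the brace that closes the name-mismatch `if`, so the namespace is cleared only when the two names differ. This commit also removes `sa.SetNamespace(c.Namespace)` from `createPodServiceAccounts`, so a configured definition whose name matches but which carries `metadata.namespace` would keep that namespace on every per-cluster copy. A `Create` issued for a different namespace is then likely to be rejected by the API server. Move the reset after the closing brace so it runs unconditionally, with a comment such as `// the namespace is chosen per cluster at creation time; drop whatever the definition carries`. Indentation is lost on this page, so confirm the placement against the file; `initPodServiceAccount` continues outside both hunks.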
@ -73,7 +73,8 @@ type Config struct {
|
||||||
DockerImage string `name:"docker_image" default:"registry.opensource.zalan.do/acid/spiloprivate-9.6:1.2-p4"`
|
DockerImage string `name:"docker_image" default:"registry.opensource.zalan.do/acid/spiloprivate-9.6:1.2-p4"`
|
||||||
// default name `operator` enables backward compatibility with the older ServiceAccountName field
|
// default name `operator` enables backward compatibility with the older ServiceAccountName field
|
||||||
PodServiceAccountName string `name:"pod_service_account_name" default:"operator"`
|
PodServiceAccountName string `name:"pod_service_account_name" default:"operator"`
|
||||||
PodServiceAccountDefinition string `name:"pod_service_account_definition" default:"apiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: operator\n"`
|
// value of this string must be valid JSON or YAML; see initPodServiceAccount
|
||||||
|
PodServiceAccountDefinition string `name:"pod_service_account_definition" default:""`
|
||||||
DbHostedZone string `name:"db_hosted_zone" default:"db.example.com"`
|
DbHostedZone string `name:"db_hosted_zone" default:"db.example.com"`
|
||||||
EtcdScope string `name:"etcd_scope" default:"service"`
|
EtcdScope string `name:"etcd_scope" default:"service"`
|
||||||
WALES3Bucket string `name:"wal_s3_bucket"`
|
WALES3Bucket string `name:"wal_s3_bucket"`
|
||||||
|
|
|
||||||
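Review bot: The added comment on `PodServiceAccountDefinition` does not say what the new empty default means. `initPodServiceAccount` now substitutes a built-in definition when the string is empty, so state that here, for example `// empty selects the built-in ServiceAccount definition; otherwise the value must be valid JSON or YAML, see initPodServiceAccount`. The built-in JSON hard-codes the name `operator`, which duplicates the default of `PodServiceAccountName`. A short note that the name override in `initPodServiceAccount` reconciles the two would help the next reader.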