Convert default account definiton into JSON

2018-04-25 12:35:16 +02:00 · 2018-04-25 12:35:16 +02:00 · d99b553ec1
parent e3f7fac443
commit d99b553ec1
3 changed files with 16 additions and 5 deletions
--- a/pkg/cluster/cluster.go
+++ b/pkg/cluster/cluster.go
@ -208,13 +208,11 @@ func (c *Cluster) createPodServiceAccounts() error {
 	_, err := c.KubeClient.ServiceAccounts(c.Namespace).Get(podServiceAccountName, metav1.GetOptions{})
 	if err != nil {
-		c.logger.Warnf("the pod service account %q cannot be retrieved in the namespace %q. Stateful sets in the namespace may be unable to create pods. Error: %v", podServiceAccountName, c.Namespace, err)
+		c.logger.Infof("the pod service account %q cannot be retrieved in the namespace %q; stateful sets in the namespace may be unable to create pods. Trying to deploy the account.", podServiceAccountName, c.Namespace)
 		// get a separate copy of service account
 		// to prevent a race condition when setting a namespace for many clusters
 		sa := *c.PodServiceAccount
 		sa.SetNamespace(c.Namespace)
 		_, err = c.KubeClient.ServiceAccounts(c.Namespace).Create(&sa)
 		if err != nil {
 			return fmt.Errorf("cannot deploy the pod service account %q defined in the config map to the %q namespace: %v", podServiceAccountName, c.Namespace, err)
--- a/pkg/controller/controller.go
+++ b/pkg/controller/controller.go
@ -120,6 +120,17 @@ func (c *Controller) initOperatorConfig() {
 }
 func (c *Controller) initPodServiceAccount() {
 	if c.opConfig.PodServiceAccountDefinition == "" {
 		c.opConfig.PodServiceAccountDefinition = `
 		{ "apiVersion": "v1", 
 		  "kind": "ServiceAccount", 
 		  "metadata": { 
 				 "name": "operator" 
 		   }
 		}`
 	}
 	// re-uses k8s internal parsing. See k8s client-go issue #193 for explanation
 	decode := scheme.Codecs.UniversalDeserializer().Decode
 	obj, groupVersionKind, err := decode([]byte(c.opConfig.PodServiceAccountDefinition), nil, nil)
@ -134,6 +145,7 @@ func (c *Controller) initPodServiceAccount() {
 		if c.PodServiceAccount.Name != c.opConfig.PodServiceAccountName {
 			c.logger.Warnf("in the operator config map, the pod service account name %v does not match the name %v given in the account definition; using the former for consistency", c.opConfig.PodServiceAccountName, c.PodServiceAccount.Name)
 			c.PodServiceAccount.Name = c.opConfig.PodServiceAccountName
 			c.PodServiceAccount.Namespace = ""
 		}
 	}
--- a/pkg/util/config/config.go
+++ b/pkg/util/config/config.go
@ -72,8 +72,9 @@ type Config struct {
 	EtcdHost         string `name:"etcd_host" default:"etcd-client.default.svc.cluster.local:2379"`
 	DockerImage      string `name:"docker_image" default:"registry.opensource.zalan.do/acid/spiloprivate-9.6:1.2-p4"`
 	// default name `operator` enables backward compatibility with the older ServiceAccountName field
-	PodServiceAccountName       string `name:"pod_service_account_name" default:"operator"`
+	PodServiceAccountName string `name:"pod_service_account_name" default:"operator"`
-	PodServiceAccountDefinition string `name:"pod_service_account_definition" default:"apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: operator\n"`
+	// value of this string must be valid JSON or YAML; see initPodServiceAccount
 	PodServiceAccountDefinition string `name:"pod_service_account_definition" default:""`
 	DbHostedZone                string `name:"db_hosted_zone" default:"db.example.com"`
 	EtcdScope                   string `name:"etcd_scope" default:"service"`
 	WALES3Bucket                string `name:"wal_s3_bucket"`