msb-public
/
helm
mirror of https://github.com/helm/helm
1
0
Code Issues Projects Releases Wiki Activity

introduce `helm init --automount-service-account-token` (#4589)

Browse Source 
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
pull/4608/head
Matthew Fisher 6 years ago committed by GitHub
parent bef59e40dc
commit 10db6a6fb5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 47 additions and 27 deletions
Show Stats Download Patch File Download Diff File

1
cmd/helm/init.go
Unescape View File

@ -139,6 +139,7 @@ func newInitCmd(out io.Writer) *cobra.Command {
f.StringVar(&i.opts.NodeSelectors, "node-selectors", "", "labels to specify the node on which Tiller is installed (app=tiller,helm=rocks)") f.StringVar(&i.opts.NodeSelectors, "node-selectors", "", "labels to specify the node on which Tiller is installed (app=tiller,helm=rocks)")
f.VarP(&i.opts.Output, "output", "o", "skip installation and output Tiller's manifest in specified format (json or yaml)") f.VarP(&i.opts.Output, "output", "o", "skip installation and output Tiller's manifest in specified format (json or yaml)")
f.StringArrayVar(&i.opts.Values, "override", []string{}, "override values for the Tiller Deployment manifest (can specify multiple or separate values with commas: key1=val1,key2=val2)") f.StringArrayVar(&i.opts.Values, "override", []string{}, "override values for the Tiller Deployment manifest (can specify multiple or separate values with commas: key1=val1,key2=val2)")
f.BoolVar(&i.opts.AutoMountServiceAccountToken, "automount-service-account-token", true, "auto-mount the given service account to tiller")
return cmd return cmd
} }

1
cmd/helm/installer/install.go
Unescape View File

@ -219,6 +219,7 @@ func generateDeployment(opts *Options) (*v1beta1.Deployment, error) {
}, },
Spec: v1.PodSpec{ Spec: v1.PodSpec{
ServiceAccountName: opts.ServiceAccount, ServiceAccountName: opts.ServiceAccount,
AutomountServiceAccountToken: &opts.AutoMountServiceAccountToken,
Containers: []v1.Container{ Containers: []v1.Container{
{ {
Name: "tiller", Name: "tiller",

15
cmd/helm/installer/install_test.go
Unescape View File

@ -80,7 +80,8 @@ func TestDeploymentForServiceAccount(t *testing.T) {
{"withoutSA", "", false, "gcr.io/kubernetes-helm/tiller:latest", "IfNotPresent", ""}, {"withoutSA", "", false, "gcr.io/kubernetes-helm/tiller:latest", "IfNotPresent", ""},
} }
for _, tt := range tests { for _, tt := range tests {
d, err := Deployment(&Options{Namespace: v1.NamespaceDefault, ImageSpec: tt.image, UseCanary: tt.canary, ServiceAccount: tt.serviceAccount}) opts := &Options{Namespace: v1.NamespaceDefault, ImageSpec: tt.image, UseCanary: tt.canary, ServiceAccount: tt.serviceAccount}
d, err := Deployment(opts)
if err != nil { if err != nil {
t.Fatalf("%s: error %q", tt.name, err) t.Fatalf("%s: error %q", tt.name, err)
} }
@ -88,6 +89,18 @@ func TestDeploymentForServiceAccount(t *testing.T) {
if got := d.Spec.Template.Spec.ServiceAccountName; got != tt.serviceAccount { if got := d.Spec.Template.Spec.ServiceAccountName; got != tt.serviceAccount {
t.Errorf("%s: expected service account value %q, got %q", tt.name, tt.serviceAccount, got) t.Errorf("%s: expected service account value %q, got %q", tt.name, tt.serviceAccount, got)
} }
if got := *d.Spec.Template.Spec.AutomountServiceAccountToken; got != false {
t.Errorf("%s: expected AutomountServiceAccountToken = %t, got %t", tt.name, false, got)
}
opts.AutoMountServiceAccountToken = true
d, err = Deployment(opts)
if err != nil {
t.Fatalf("%s: error %q", tt.name, err)
}
if got := *d.Spec.Template.Spec.AutomountServiceAccountToken; got != true {
t.Errorf("%s: expected AutomountServiceAccountToken = %t, got %t", tt.name, true, got)
}
} }
} }

3
cmd/helm/installer/options.go
Unescape View File

@ -47,6 +47,9 @@ type Options struct {
// ServiceAccount is the Kubernetes service account to add to Tiller. // ServiceAccount is the Kubernetes service account to add to Tiller.
ServiceAccount string ServiceAccount string
// AutoMountServiceAccountToken determines whether or not the service account should be added to Tiller.
AutoMountServiceAccountToken bool
// Force allows to force upgrading tiller if deployed version is greater than current version // Force allows to force upgrading tiller if deployed version is greater than current version
ForceUpgrade bool ForceUpgrade bool

3
docs/helm/helm_init.md
Unescape View File

@ -32,6 +32,7 @@ helm init [flags]
### Options ### Options
``` ```
--automount-service-account-token auto-mount the given service account to tiller (default true)
--canary-image use the canary Tiller image --canary-image use the canary Tiller image
-c, --client-only if set does not install Tiller -c, --client-only if set does not install Tiller
--dry-run do not install local or remote --dry-run do not install local or remote
@ -74,4 +75,4 @@ helm init [flags]
* [helm](helm.md) - The Helm package manager for Kubernetes. * [helm](helm.md) - The Helm package manager for Kubernetes.
###### Auto generated by spf13/cobra on 1-Sep-2018 ###### Auto generated by spf13/cobra on 4-Sep-2018

1
docs/install.md
Unescape View File

@ -132,6 +132,7 @@ You can explicitly tell `helm init` to...
- Install to a particular cluster with `--kube-context` - Install to a particular cluster with `--kube-context`
- Install into a particular namespace with `--tiller-namespace` - Install into a particular namespace with `--tiller-namespace`
- Install Tiller with a Service Account with `--service-account` (for [RBAC enabled clusters](securing_installation.md#rbac)) - Install Tiller with a Service Account with `--service-account` (for [RBAC enabled clusters](securing_installation.md#rbac))
- Install Tiller without mounting a service account with `--automount-service-account false`
Once Tiller is installed, running `helm version` should show you both Once Tiller is installed, running `helm version` should show you both
the client and server version. (If it shows only the client version, the client and server version. (If it shows only the client version,

Write Preview
Loading…
Cancel
Save