feat(helm): add service account flag to helm init

helps with half of #2224
pull/2365/head
Michelle Noorali 8 years ago
parent 12300745d3
commit 64e9e47183

@ -66,17 +66,18 @@ var (
) )
type initCmd struct { type initCmd struct {
image string image string
clientOnly bool clientOnly bool
canary bool canary bool
upgrade bool upgrade bool
namespace string namespace string
dryRun bool dryRun bool
skipRefresh bool skipRefresh bool
out io.Writer out io.Writer
home helmpath.Home home helmpath.Home
opts installer.Options opts installer.Options
kubeClient internalclientset.Interface kubeClient internalclientset.Interface
serviceAccount string
} }
func newInitCmd(out io.Writer) *cobra.Command { func newInitCmd(out io.Writer) *cobra.Command {
@ -116,6 +117,7 @@ func newInitCmd(out io.Writer) *cobra.Command {
f.StringVar(&localRepositoryURL, "local-repo-url", localRepositoryURL, "URL for local repository") f.StringVar(&localRepositoryURL, "local-repo-url", localRepositoryURL, "URL for local repository")
f.BoolVar(&i.opts.EnableHostNetwork, "net-host", false, "install tiller with net=host") f.BoolVar(&i.opts.EnableHostNetwork, "net-host", false, "install tiller with net=host")
f.StringVar(&i.serviceAccount, "service-account", "", "name of service account")
return cmd return cmd
} }
@ -154,6 +156,7 @@ func (i *initCmd) run() error {
i.opts.Namespace = i.namespace i.opts.Namespace = i.namespace
i.opts.UseCanary = i.canary i.opts.UseCanary = i.canary
i.opts.ImageSpec = i.image i.opts.ImageSpec = i.image
i.opts.ServiceAccount = i.serviceAccount
if settings.Debug { if settings.Debug {
writeYAMLManifest := func(apiVersion, kind, body string, first, last bool) error { writeYAMLManifest := func(apiVersion, kind, body string, first, last bool) error {

@ -131,6 +131,7 @@ func generateDeployment(opts *Options) *extensions.Deployment {
Labels: labels, Labels: labels,
}, },
Spec: api.PodSpec{ Spec: api.PodSpec{
ServiceAccountName: opts.ServiceAccount,
Containers: []api.Container{ Containers: []api.Container{
{ {
Name: "tiller", Name: "tiller",

@ -70,6 +70,34 @@ func TestDeploymentManifest(t *testing.T) {
} }
} }
func TestDeploymentManifestForServiceAccount(t *testing.T) {
tests := []struct {
name string
image string
canary bool
expect string
imagePullPolicy api.PullPolicy
serviceAccount string
}{
{"withSA", "", false, "gcr.io/kubernetes-helm/tiller:latest", "IfNotPresent", "service-account"},
{"withoutSA", "", false, "gcr.io/kubernetes-helm/tiller:latest", "IfNotPresent", ""},
}
for _, tt := range tests {
o, err := DeploymentManifest(&Options{Namespace: api.NamespaceDefault, ImageSpec: tt.image, UseCanary: tt.canary, ServiceAccount: tt.serviceAccount})
if err != nil {
t.Fatalf("%s: error %q", tt.name, err)
}
var d extensions.Deployment
if err := yaml.Unmarshal([]byte(o), &d); err != nil {
t.Fatalf("%s: error %q", tt.name, err)
}
if got := d.Spec.Template.Spec.ServiceAccountName; got != tt.serviceAccount {
t.Errorf("%s: expected service account value %q, got %q", tt.name, tt.serviceAccount, got)
}
}
}
func TestDeploymentManifest_WithTLS(t *testing.T) { func TestDeploymentManifest_WithTLS(t *testing.T) {
tests := []struct { tests := []struct {
opts Options opts Options

@ -43,6 +43,9 @@ type Options struct {
// Namespace is the kubernetes namespace to use to deploy tiller. // Namespace is the kubernetes namespace to use to deploy tiller.
Namespace string Namespace string
// ServiceAccount is the Kubernetes service account to add to tiller
ServiceAccount string
// ImageSpec indentifies the image tiller will use when deployed. // ImageSpec indentifies the image tiller will use when deployed.
// //
// Valid if and only if UseCanary is false. // Valid if and only if UseCanary is false.

@ -38,6 +38,7 @@ helm init
--dry-run do not install local or remote --dry-run do not install local or remote
--local-repo-url string URL for local repository (default "http://127.0.0.1:8879/charts") --local-repo-url string URL for local repository (default "http://127.0.0.1:8879/charts")
--net-host install tiller with net=host --net-host install tiller with net=host
--service-account string name of service account
--skip-refresh do not refresh (download) the local repository cache --skip-refresh do not refresh (download) the local repository cache
--stable-repo-url string URL for stable repository (default "https://kubernetes-charts.storage.googleapis.com") --stable-repo-url string URL for stable repository (default "https://kubernetes-charts.storage.googleapis.com")
-i, --tiller-image string override tiller image -i, --tiller-image string override tiller image
@ -62,4 +63,4 @@ helm init
### SEE ALSO ### SEE ALSO
* [helm](helm.md) - The Helm package manager for Kubernetes. * [helm](helm.md) - The Helm package manager for Kubernetes.
###### Auto generated by spf13/cobra on 18-Apr-2017 ###### Auto generated by spf13/cobra on 1-May-2017

@ -1,4 +1,4 @@
.TH "HELM" "1" "Apr 2017" "Auto generated by spf13/cobra" "" .TH "HELM" "1" "May 2017" "Auto generated by spf13/cobra" ""
.nh .nh
.ad l .ad l
@ -61,6 +61,10 @@ To dump a manifest containing the Tiller deployment YAML, combine the
\fB\-\-net\-host\fP[=false] \fB\-\-net\-host\fP[=false]
install tiller with net=host install tiller with net=host
.PP
\fB\-\-service\-account\fP=""
name of service account
.PP .PP
\fB\-\-skip\-refresh\fP[=false] \fB\-\-skip\-refresh\fP[=false]
do not refresh (download) the local repository cache do not refresh (download) the local repository cache
@ -128,4 +132,4 @@ To dump a manifest containing the Tiller deployment YAML, combine the
.SH HISTORY .SH HISTORY
.PP .PP
18\-Apr\-2017 Auto generated by spf13/cobra 1\-May\-2017 Auto generated by spf13/cobra

@ -638,6 +638,8 @@ _helm_init()
local_nonpersistent_flags+=("--local-repo-url=") local_nonpersistent_flags+=("--local-repo-url=")
flags+=("--net-host") flags+=("--net-host")
local_nonpersistent_flags+=("--net-host") local_nonpersistent_flags+=("--net-host")
flags+=("--service-account=")
local_nonpersistent_flags+=("--service-account=")
flags+=("--skip-refresh") flags+=("--skip-refresh")
local_nonpersistent_flags+=("--skip-refresh") local_nonpersistent_flags+=("--skip-refresh")
flags+=("--stable-repo-url=") flags+=("--stable-repo-url=")

Loading…
Cancel
Save