feat(helm): add service account flag to helm init

helps with half of #2224
7 years ago · 64e9e47183
parent 12300745d3
commit 64e9e47183
7 changed files with 56 additions and 14 deletions
--- a/cmd/helm/init.go
+++ b/cmd/helm/init.go
@ -77,6 +77,7 @@ type initCmd struct {
 	home           helmpath.Home
 	opts           installer.Options
 	kubeClient     internalclientset.Interface
+	serviceAccount string
 }

 func newInitCmd(out io.Writer) *cobra.Command {
@ -116,6 +117,7 @@ func newInitCmd(out io.Writer) *cobra.Command {
 	f.StringVar(&localRepositoryURL, "local-repo-url", localRepositoryURL, "URL for local repository")

 	f.BoolVar(&i.opts.EnableHostNetwork, "net-host", false, "install tiller with net=host")
+	f.StringVar(&i.serviceAccount, "service-account", "", "name of service account")

 	return cmd
 }
@ -154,6 +156,7 @@ func (i *initCmd) run() error {
 	i.opts.Namespace = i.namespace
 	i.opts.UseCanary = i.canary
 	i.opts.ImageSpec = i.image
+	i.opts.ServiceAccount = i.serviceAccount

 	if settings.Debug {
 		writeYAMLManifest := func(apiVersion, kind, body string, first, last bool) error {
--- a/cmd/helm/installer/install.go
+++ b/cmd/helm/installer/install.go
@ -131,6 +131,7 @@ func generateDeployment(opts *Options) *extensions.Deployment {
 					Labels: labels,
 				},
 				Spec: api.PodSpec{
+					ServiceAccountName: opts.ServiceAccount,
 					Containers: []api.Container{
 						{
 							Name:            "tiller",
--- a/cmd/helm/installer/install_test.go
+++ b/cmd/helm/installer/install_test.go
@ -70,6 +70,34 @@ func TestDeploymentManifest(t *testing.T) {
 	}
 }

+func TestDeploymentManifestForServiceAccount(t *testing.T) {
+	tests := []struct {
+		name            string
+		image           string
+		canary          bool
+		expect          string
+		imagePullPolicy api.PullPolicy
+		serviceAccount  string
+	}{
+		{"withSA", "", false, "gcr.io/kubernetes-helm/tiller:latest", "IfNotPresent", "service-account"},
+		{"withoutSA", "", false, "gcr.io/kubernetes-helm/tiller:latest", "IfNotPresent", ""},
+	}
+	for _, tt := range tests {
+		o, err := DeploymentManifest(&Options{Namespace: api.NamespaceDefault, ImageSpec: tt.image, UseCanary: tt.canary, ServiceAccount: tt.serviceAccount})
+		if err != nil {
+			t.Fatalf("%s: error %q", tt.name, err)
+		}
+
+		var d extensions.Deployment
+		if err := yaml.Unmarshal([]byte(o), &d); err != nil {
+			t.Fatalf("%s: error %q", tt.name, err)
+		}
+		if got := d.Spec.Template.Spec.ServiceAccountName; got != tt.serviceAccount {
+			t.Errorf("%s: expected service account value %q, got %q", tt.name, tt.serviceAccount, got)
+		}
+	}
+}
+
 func TestDeploymentManifest_WithTLS(t *testing.T) {
 	tests := []struct {
 		opts   Options
--- a/cmd/helm/installer/options.go
+++ b/cmd/helm/installer/options.go
@ -43,6 +43,9 @@ type Options struct {
 	// Namespace is the kubernetes namespace to use to deploy tiller.
 	Namespace string

+	// ServiceAccount is the Kubernetes service account to add to tiller
+	ServiceAccount string
+
 	// ImageSpec indentifies the image tiller will use when deployed.
 	//
 	// Valid if and only if UseCanary is false.
--- a/docs/helm/helm_init.md
+++ b/docs/helm/helm_init.md
@ -38,6 +38,7 @@ helm init
      --dry-run                  do not install local or remote
      --local-repo-url string    URL for local repository (default "http://127.0.0.1:8879/charts")
      --net-host                 install tiller with net=host
+      --service-account string   name of service account
      --skip-refresh             do not refresh (download) the local repository cache
      --stable-repo-url string   URL for stable repository (default "https://kubernetes-charts.storage.googleapis.com")
  -i, --tiller-image string      override tiller image
@ -62,4 +63,4 @@ helm init
 ### SEE ALSO
 * [helm](helm.md)	 - The Helm package manager for Kubernetes.

-###### Auto generated by spf13/cobra on 18-Apr-2017
+###### Auto generated by spf13/cobra on 1-May-2017
--- a/docs/man/man1/helm_init.1
+++ b/docs/man/man1/helm_init.1
@ -1,4 +1,4 @@
-.TH "HELM" "1" "Apr 2017" "Auto generated by spf13/cobra" "" 
+.TH "HELM" "1" "May 2017" "Auto generated by spf13/cobra" ""
 .nh
 .ad l

@ -61,6 +61,10 @@ To dump a manifest containing the Tiller deployment YAML, combine the
 \fB\-\-net\-host\fP[=false]
    install tiller with net=host

+.PP
+\fB\-\-service\-account\fP=""
+    name of service account
+
 .PP
 \fB\-\-skip\-refresh\fP[=false]
    do not refresh (download) the local repository cache
@ -128,4 +132,4 @@ To dump a manifest containing the Tiller deployment YAML, combine the

 .SH HISTORY
 .PP
-18\-Apr\-2017 Auto generated by spf13/cobra
+1\-May\-2017 Auto generated by spf13/cobra
--- a/scripts/completions.bash
+++ b/scripts/completions.bash
@ -638,6 +638,8 @@ _helm_init()
    local_nonpersistent_flags+=("--local-repo-url=")
    flags+=("--net-host")
    local_nonpersistent_flags+=("--net-host")
+    flags+=("--service-account=")
+    local_nonpersistent_flags+=("--service-account=")
    flags+=("--skip-refresh")
    local_nonpersistent_flags+=("--skip-refresh")
    flags+=("--stable-repo-url=")