Commit d4f46a79 authored by Edmund Ochieng's avatar Edmund Ochieng

set service account in cotrollers

parent 6c11b37d
......@@ -75,7 +75,7 @@ spec:
customresourcedefinitions:
owned:
- description: GitLab is the Schema for the gitlabs API
displayName: Git Lab
displayName: GitLab
kind: GitLab
name: gitlabs.apps.gitlab.com
version: v1beta1
......
......@@ -11,6 +11,9 @@ import (
corev1 "k8s.io/api/core/v1"
)
// BackupServiceAccount for GitLab backup use
const BackupServiceAccount = "gitlab-backup"
// IsOnDemandBackup returns true if no backup schedule is
// provided. This implies backup should run immediately
func IsOnDemandBackup(cr *gitlabv1beta1.GLBackup) bool {
......@@ -90,7 +93,7 @@ func NewSchedule(cr *gitlabv1beta1.GLBackup) *batchv1beta1.CronJob {
})
backup.Spec.Schedule = cr.Spec.Schedule
backup.Spec.JobTemplate.Spec.Template.Spec.ServiceAccountName = "gitlab-backup"
backup.Spec.JobTemplate.Spec.Template.Spec.ServiceAccountName = BackupServiceAccount
backup.Spec.JobTemplate.Spec.Template.Spec.RestartPolicy = corev1.RestartPolicyOnFailure
return backup
......@@ -113,7 +116,7 @@ func NewBackup(cr *gitlabv1beta1.GLBackup) *batchv1.Job {
},
})
backup.Spec.Template.Spec.ServiceAccountName = "gitlab-backup"
backup.Spec.Template.Spec.ServiceAccountName = BackupServiceAccount
return backup
}
......@@ -209,7 +209,7 @@ func ExporterDeployment(cr *gitlabv1beta1.GitLab) *appsv1.Deployment {
FSGroup: &localUser,
}
exporter.Spec.Template.Spec.ServiceAccountName = "gitlab"
exporter.Spec.Template.Spec.ServiceAccountName = AppServiceAccount
return exporter
}
......@@ -239,7 +239,7 @@ func MigrationsJob(cr *gitlabv1beta1.GitLab) *batchv1.Job {
FSGroup: &localUser,
}
migration.Spec.Template.Spec.ServiceAccountName = "gitlab"
migration.Spec.Template.Spec.ServiceAccountName = AppServiceAccount
return migration
}
......@@ -306,7 +306,7 @@ func BucketCreationJob(cr *gitlabv1beta1.GitLab) *batchv1.Job {
})
var mcUser int64
buckets.Spec.Template.Spec.ServiceAccountName = "gitlab"
buckets.Spec.Template.Spec.ServiceAccountName = AppServiceAccount
buckets.Spec.Template.Spec.SecurityContext = &corev1.PodSecurityContext{
RunAsUser: &mcUser,
FSGroup: &mcUser,
......
......@@ -182,7 +182,7 @@ func MinioStatefulSet(cr *gitlabv1beta1.GitLab) *appsv1.StatefulSet {
FSGroup: &localUser,
}
minio.Spec.Template.Spec.ServiceAccountName = "gitlab"
minio.Spec.Template.Spec.ServiceAccountName = AppServiceAccount
return minio
}
......
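Review bot: MinioStatefulSet is given the same `AppServiceAccount` as the web and worker pods, and PostgresStatefulSet and RedisStatefulSet get it too later in this commit, so the data stores carry whatever Kubernetes API permissions are bound to the application identity. Whether these pods call the API at all is not visible here. If they do not, least privilege suggests either a separate account with no role bindings or not mounting the token, e.g. `noToken := false` followed by `minio.Spec.Template.Spec.AutomountServiceAccountToken = &noToken`. The function body starts outside the hunk, so this may already be set above the lines shown.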
......@@ -230,7 +230,7 @@ func ShellDeployment(cr *gitlabv1beta1.GitLab) *appsv1.Deployment {
RunAsUser: &localUser,
}
shell.Spec.Template.Spec.ServiceAccountName = "gitlab"
shell.Spec.Template.Spec.ServiceAccountName = AppServiceAccount
return shell
}
......@@ -427,7 +427,7 @@ func SidekiqDeployment(cr *gitlabv1beta1.GitLab) *appsv1.Deployment {
FSGroup: &localUser,
}
sidekiq.Spec.Template.Spec.ServiceAccountName = "gitlab"
sidekiq.Spec.Template.Spec.ServiceAccountName = AppServiceAccount
return sidekiq
}
......@@ -297,7 +297,7 @@ func PostgresStatefulSet(cr *gitlabv1beta1.GitLab) *appsv1.StatefulSet {
},
})
psql.Spec.Template.Spec.ServiceAccountName = "gitlab"
psql.Spec.Template.Spec.ServiceAccountName = AppServiceAccount
psql.Spec.Template.Spec.SecurityContext = &corev1.PodSecurityContext{
RunAsUser: &postgresUser,
FSGroup: &postgresUser,
......@@ -492,7 +492,7 @@ func RedisStatefulSet(cr *gitlabv1beta1.GitLab) *appsv1.StatefulSet {
},
})
redis.Spec.Template.Spec.ServiceAccountName = "gitlab"
redis.Spec.Template.Spec.ServiceAccountName = AppServiceAccount
redis.Spec.Template.Spec.SecurityContext = &corev1.PodSecurityContext{
RunAsUser: &redisUser,
FSGroup: &redisUser,
......@@ -759,7 +759,7 @@ func GitalyStatefulSet(cr *gitlabv1beta1.GitLab) *appsv1.StatefulSet {
gitaly.Spec.ServiceName = labels["app.kubernetes.io/instance"]
gitaly.Spec.Template.Spec.ServiceAccountName = "gitlab"
gitaly.Spec.Template.Spec.ServiceAccountName = AppServiceAccount
gitaly.Spec.Template.Spec.SecurityContext = &corev1.PodSecurityContext{
RunAsUser: &gitalyUserID,
FSGroup: &gitalyUserID,
......
......@@ -319,7 +319,7 @@ func TaskRunnerDeployment(cr *gitlabv1beta1.GitLab) *appsv1.Deployment {
FSGroup: &localUser,
}
taskRunner.Spec.Template.Spec.ServiceAccountName = "gitlab"
taskRunner.Spec.Template.Spec.ServiceAccountName = AppServiceAccount
return taskRunner
}
......@@ -16,6 +16,9 @@ const (
// DatabaseUser defines name of user in PostgreSQL
DatabaseUser = "gitlab"
// AppServiceAccount for GitLab app use
AppServiceAccount = "gitlab-app"
)
// RedisConfig struct configures redis password
......
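Review bot: `AppServiceAccount = "gitlab-app"` is not the value it replaces: every call site changed in this commit previously set `"gitlab"`, so this is an identity change for all application pods rather than a pure refactor (the backup and runner constants keep their old values). Nothing visible on this page creates a `gitlab-app` ServiceAccount or binds roles to it, though that may live elsewhere in the operator. If the account is missing, pod creation for these workloads will be rejected, and any RoleBinding still naming `gitlab` stays granted to an account the operator no longer uses. I would record the requirement next to the constant, e.g. `// AppServiceAccount is the ServiceAccount name for GitLab application pods; it must exist with its RoleBindings before these workloads are reconciled.`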
......@@ -604,7 +604,7 @@ func WebserviceDeployment(cr *gitlabv1beta1.GitLab) *appsv1.Deployment {
FSGroup: &localUser,
}
webservice.Spec.Template.Spec.ServiceAccountName = "gitlab"
webservice.Spec.Template.Spec.ServiceAccountName = AppServiceAccount
return webservice
}
......@@ -7,6 +7,9 @@ import (
corev1 "k8s.io/api/core/v1"
)
// RunnerServiceAccount defines the sa for GitLab runner
const RunnerServiceAccount string = "gitlab-runner"
// GetDeployment returns the runner deployment object
func GetDeployment(cr *gitlabv1beta1.Runner) *appsv1.Deployment {
labels := gitlabutils.Label(cr.Name, "runner", gitlabutils.RunnerType)
......@@ -432,7 +435,7 @@ func GetDeployment(cr *gitlabv1beta1.Runner) *appsv1.Deployment {
}
// Set runner to use specific service account
runner.Spec.Template.Spec.ServiceAccountName = "gitlab-runner"
runner.Spec.Template.Spec.ServiceAccountName = RunnerServiceAccount
return runner
}
......
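Review bot: `const RunnerServiceAccount string = "gitlab-runner"` is explicitly typed, while `BackupServiceAccount` and `AppServiceAccount` in the same commit are untyped string constants; dropping `string` keeps the three consistent. The doc comment would read better as a full sentence without the abbreviation, e.g. `// RunnerServiceAccount is the name of the ServiceAccount used by the GitLab Runner deployment.` The existing `// Set runner to use specific service account` comment above the assignment could say why a dedicated account is used, since that is the part a reader cannot get from the code.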