Merge pull request #53 from shopware/support-s3

chore: access key and secret key can be empty if role is used
shopware · Oct 14, 2024 · a9f3648 · a9f3648
2 parents e23d1b0 + cfd1cc0
commit a9f3648
Show file tree

Hide file tree

Showing 7 changed files with 52 additions and 12 deletions.
diff --git a/api/v1/env.go b/api/v1/env.go
@@ -185,7 +185,7 @@ func (s *Store) getBlackfire() []corev1.EnvVar {
 // TODO: Minio should use bucketname before URL. So we have public.domain.com see:
 // https://min.io/docs/minio/linux/administration/object-management.html#minio-object-management-path-virtual-access
 func (s *Store) getStorage() []corev1.EnvVar {
-	return []corev1.EnvVar{
+	envVars := []corev1.EnvVar{
 		{
 			Name:  "K8S_FILESYSTEM_PUBLIC_BUCKET",
 			Value: s.Spec.S3Storage.PublicBucketName,
@@ -207,7 +207,10 @@ func (s *Store) getStorage() []corev1.EnvVar {
 			Name:  "K8S_FILESYSTEM_ENDPOINT",
 			Value: s.Spec.S3Storage.EndpointURL,
 		},
-		{
+	}
+
+	if s.Spec.S3Storage.AccessKeyRef.Name != "" {
+		envVars = append(envVars, corev1.EnvVar{
 			Name: "AWS_ACCESS_KEY_ID",
 			ValueFrom: &corev1.EnvVarSource{
 				SecretKeyRef: &corev1.SecretKeySelector{
@@ -217,8 +220,11 @@ func (s *Store) getStorage() []corev1.EnvVar {
 					Key: s.Spec.S3Storage.AccessKeyRef.Key,
 				},
 			},
-		},
-		{
+		})
+	}
+
+	if s.Spec.S3Storage.SecretAccessKeyRef.Key != "" {
+		envVars = append(envVars, corev1.EnvVar{
 			Name: "AWS_SECRET_ACCESS_KEY",
 			ValueFrom: &corev1.EnvVarSource{
 				SecretKeyRef: &corev1.SecretKeySelector{
@@ -228,8 +234,10 @@ func (s *Store) getStorage() []corev1.EnvVar {
 					Key: s.Spec.S3Storage.SecretAccessKeyRef.Key,
 				},
 			},
-		},
+		})
 	}
+
+	return envVars
 }
 
 func (s *Store) GetEnv() []corev1.EnvVar {

diff --git a/api/v1/store.go b/api/v1/store.go
@@ -37,6 +37,7 @@ type StoreSpec struct {
 	Otel                    OtelSpec      `json:"otel,omitempty"`
 	FPM                     FPMSpec       `json:"fpm,omitempty"`
 	HorizontalPodAutoscaler HPASpec       `json:"horizontalPodAutoscaler,omitempty"`
+	ServiceAccountName      string        `json:"serviceAccountName,omitempty"`
 
 	// +kubebuilder:default=false
 	DisableChecks bool `json:"disableChecks,omitempty"`
@@ -242,8 +243,8 @@ type S3Storage struct {
 	PublicBucketName string `json:"publicBucketName"`
 	Region           string `json:"region,omitempty"`
 
-	AccessKeyRef       SecretRef `json:"accessKeyRef"`
-	SecretAccessKeyRef SecretRef `json:"secretAccessKeyRef"`
+	AccessKeyRef       SecretRef `json:"accessKeyRef,omitempty"`
+	SecretAccessKeyRef SecretRef `json:"secretAccessKeyRef,omitempty"`
 }
 
 type DatabaseSpec struct {

diff --git a/internal/deployment/admin.go b/internal/deployment/admin.go
@@ -79,7 +79,7 @@ func AdminDeployment(store *v1.Store) *appsv1.Deployment {
 		Resources: store.Spec.Container.Resources,
 	})
 
-	return &appsv1.Deployment{
+	deployment := &appsv1.Deployment{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "Deployment",
 			APIVersion: "apps/v1",
@@ -93,6 +93,7 @@ func AdminDeployment(store *v1.Store) *appsv1.Deployment {
 		Spec: appsv1.DeploymentSpec{
 			ProgressDeadlineSeconds: &store.Spec.Container.ProgressDeadlineSeconds,
 			Replicas:                &store.Spec.Container.Replicas,
+
 			Selector: &metav1.LabelSelector{
 				MatchLabels: map[string]string{
 					"app": appName,
@@ -126,6 +127,12 @@ func AdminDeployment(store *v1.Store) *appsv1.Deployment {
 			},
 		},
 	}
+
+	if store.Spec.ServiceAccountName != "" {
+		deployment.Spec.Template.Spec.ServiceAccountName = store.Spec.ServiceAccountName
+	}
+
+	return deployment
 }
 
 func GetAdminDeploymentName(store *v1.Store) string {

diff --git a/internal/deployment/storefront.go b/internal/deployment/storefront.go
@@ -81,7 +81,7 @@ func StorefrontDeployment(store *v1.Store) *appsv1.Deployment {
 		Resources: store.Spec.Container.Resources,
 	})
 
-	return &appsv1.Deployment{
+	deployment := &appsv1.Deployment{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "Deployment",
 			APIVersion: "apps/v1",
@@ -128,6 +128,12 @@ func StorefrontDeployment(store *v1.Store) *appsv1.Deployment {
 			},
 		},
 	}
+
+	if store.Spec.ServiceAccountName != "" {
+		deployment.Spec.Template.Spec.ServiceAccountName = store.Spec.ServiceAccountName
+	}
+
+	return deployment
 }
 
 func GetStorefrontDeploymentName(store *v1.Store) string {

diff --git a/internal/deployment/worker.go b/internal/deployment/worker.go
@@ -63,7 +63,7 @@ func WorkerDeployment(store *v1.Store) *appsv1.Deployment {
 		Resources: store.Spec.Container.Resources,
 	})
 
-	return &appsv1.Deployment{
+	deployment := &appsv1.Deployment{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "Deployment",
 			APIVersion: "apps/v1",
@@ -110,6 +110,12 @@ func WorkerDeployment(store *v1.Store) *appsv1.Deployment {
 			},
 		},
 	}
+
+	if store.Spec.ServiceAccountName != "" {
+		deployment.Spec.Template.Spec.ServiceAccountName = store.Spec.ServiceAccountName
+	}
+
+	return deployment
 }
 
 func GetWorkerDeploymentName(store *v1.Store) string {

diff --git a/internal/job/migration.go b/internal/job/migration.go
@@ -65,7 +65,7 @@ func MigrationJob(store *v1.Store) *batchv1.Job {
 		Env:             store.GetEnv(),
 	})
 
-	return &batchv1.Job{
+	job := &batchv1.Job{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "Job",
 			APIVersion: "batch/v1"},
@@ -95,6 +95,12 @@ func MigrationJob(store *v1.Store) *batchv1.Job {
 			},
 		},
 	}
+
+	if store.Spec.ServiceAccountName != "" {
+		job.Spec.Template.Spec.ServiceAccountName = store.Spec.ServiceAccountName
+	}
+
+	return job
 }
 
 func MigrateJobName(store *v1.Store) string {

diff --git a/internal/job/setup.go b/internal/job/setup.go
@@ -67,7 +67,7 @@ func SetupJob(store *v1.Store) *batchv1.Job {
 		Env:             envs,
 	})
 
-	return &batchv1.Job{
+	job := &batchv1.Job{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "Job",
 			APIVersion: "batch/v1",
@@ -98,6 +98,12 @@ func SetupJob(store *v1.Store) *batchv1.Job {
 			},
 		},
 	}
+
+	if store.Spec.ServiceAccountName != "" {
+		job.Spec.Template.Spec.ServiceAccountName = store.Spec.ServiceAccountName
+	}
+
+	return job
 }
 
 func GetSetupJobName(store *v1.Store) string {