diff --git a/api/v1/env.go b/api/v1/env.go index 11df9d7..7d73c4d 100644 --- a/api/v1/env.go +++ b/api/v1/env.go @@ -185,7 +185,7 @@ func (s *Store) getBlackfire() []corev1.EnvVar { // TODO: Minio should use bucketname before URL. So we have public.domain.com see: // https://min.io/docs/minio/linux/administration/object-management.html#minio-object-management-path-virtual-access func (s *Store) getStorage() []corev1.EnvVar { - return []corev1.EnvVar{ + envVars := []corev1.EnvVar{ { Name: "K8S_FILESYSTEM_PUBLIC_BUCKET", Value: s.Spec.S3Storage.PublicBucketName, @@ -207,7 +207,10 @@ func (s *Store) getStorage() []corev1.EnvVar { Name: "K8S_FILESYSTEM_ENDPOINT", Value: s.Spec.S3Storage.EndpointURL, }, - { + } + + if s.Spec.S3Storage.AccessKeyRef.Name != "" { + envVars = append(envVars, corev1.EnvVar{ Name: "AWS_ACCESS_KEY_ID", ValueFrom: &corev1.EnvVarSource{ SecretKeyRef: &corev1.SecretKeySelector{ @@ -217,8 +220,11 @@ func (s *Store) getStorage() []corev1.EnvVar { Key: s.Spec.S3Storage.AccessKeyRef.Key, }, }, - }, - { + }) + } + + if s.Spec.S3Storage.SecretAccessKeyRef.Key != "" { + envVars = append(envVars, corev1.EnvVar{ Name: "AWS_SECRET_ACCESS_KEY", ValueFrom: &corev1.EnvVarSource{ SecretKeyRef: &corev1.SecretKeySelector{ @@ -228,8 +234,10 @@ func (s *Store) getStorage() []corev1.EnvVar { Key: s.Spec.S3Storage.SecretAccessKeyRef.Key, }, }, - }, + }) } + + return envVars } func (s *Store) GetEnv() []corev1.EnvVar { diff --git a/api/v1/store.go b/api/v1/store.go index c60a291..adc713f 100644 --- a/api/v1/store.go +++ b/api/v1/store.go @@ -37,6 +37,7 @@ type StoreSpec struct { Otel OtelSpec `json:"otel,omitempty"` FPM FPMSpec `json:"fpm,omitempty"` HorizontalPodAutoscaler HPASpec `json:"horizontalPodAutoscaler,omitempty"` + ServiceAccountName string `json:"serviceAccountName,omitempty"` // +kubebuilder:default=false DisableChecks bool `json:"disableChecks,omitempty"` 
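Review bot: The two new guards in getStorage test different fields: `AWS_ACCESS_KEY_ID` is appended when `s.Spec.S3Storage.AccessKeyRef.Name != ""`, but `AWS_SECRET_ACCESS_KEY` when `s.Spec.S3Storage.SecretAccessKeyRef.Key != ""`. A ref with only one of its two values set can still produce a SecretKeySelector with an empty name or key, and a spec that fills in one ref but not the other gives the containers half a credential pair. I would gate both appends on a single condition that requires all four values, for example `if ak, sk := s.Spec.S3Storage.AccessKeyRef, s.Spec.S3Storage.SecretAccessKeyRef; ak.Name != "" && ak.Key != "" && sk.Name != "" && sk.Key != "" {`. A short comment should also say that without the refs no static keys are injected and the pods depend on whatever ambient identity they run with.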
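Review bot: `ServiceAccountName` is added to StoreSpec without a doc comment or validation markers, although it decides which identity every pod of the store runs as. Anyone allowed to create or edit a Store can now have the operator start pods under any ServiceAccount in the namespace, so the field deserves a comment such as `// ServiceAccountName is the ServiceAccount used by all deployments and jobs of this store; empty keeps the namespace default.` and a length bound such as `// +kubebuilder:validation:MaxLength=253`. The same value is applied to the admin, storefront, worker, migration and setup workloads in the later hunks, so request-serving pods share the identity of the maintenance jobs. If least privilege matters for the storage credentials, a per-workload override would be the place to add it.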
@@ -242,8 +243,8 @@ type S3Storage struct { PublicBucketName string `json:"publicBucketName"` Region string `json:"region,omitempty"` - AccessKeyRef SecretRef `json:"accessKeyRef"` - SecretAccessKeyRef SecretRef `json:"secretAccessKeyRef"` + AccessKeyRef SecretRef `json:"accessKeyRef,omitempty"` + SecretAccessKeyRef SecretRef `json:"secretAccessKeyRef,omitempty"` } type DatabaseSpec struct { diff --git a/internal/deployment/admin.go b/internal/deployment/admin.go index 1b8e2e3..fb1e356 100644 --- a/internal/deployment/admin.go +++ b/internal/deployment/admin.go @@ -79,7 +79,7 @@ func AdminDeployment(store *v1.Store) *appsv1.Deployment { Resources: store.Spec.Container.Resources, }) - return &appsv1.Deployment{ + deployment := &appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ Kind: "Deployment", APIVersion: "apps/v1", @@ -93,6 +93,7 @@ func AdminDeployment(store *v1.Store) *appsv1.Deployment { Spec: appsv1.DeploymentSpec{ ProgressDeadlineSeconds: &store.Spec.Container.ProgressDeadlineSeconds, Replicas: &store.Spec.Container.Replicas, + Selector: &metav1.LabelSelector{ MatchLabels: map[string]string{ "app": appName, @@ -126,6 +127,12 @@ func AdminDeployment(store *v1.Store) *appsv1.Deployment { }, }, } + + if store.Spec.ServiceAccountName != "" { + deployment.Spec.Template.Spec.ServiceAccountName = store.Spec.ServiceAccountName + } + + return deployment } func GetAdminDeploymentName(store *v1.Store) string { diff --git a/internal/deployment/storefront.go b/internal/deployment/storefront.go index e650e8e..3c012d6 100644 --- a/internal/deployment/storefront.go +++ b/internal/deployment/storefront.go @@ -81,7 +81,7 @@ func StorefrontDeployment(store *v1.Store) *appsv1.Deployment { Resources: store.Spec.Container.Resources, }) - return &appsv1.Deployment{ + deployment := &appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ Kind: "Deployment", APIVersion: "apps/v1", 
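Review bot: `omitempty` on `AccessKeyRef` and `SecretAccessKeyRef` does not remove them from the serialized object, because encoding/json never treats a non-pointer struct as empty; the tag mainly changes how the generated schema marks the fields. If SecretRef's own fields are required (its definition is not in this hunk), a Store that leaves the refs out may still fail validation or round-trip as a ref with empty `name` and `key`. Making the fields `*SecretRef` is the usual way to get a truly optional reference, at the cost of nil checks in getStorage. Whichever form is kept, a comment on the struct should state that the two refs are set together or both omitted.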
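Review bot: The `if store.Spec.ServiceAccountName != ""` guard added at the end of AdminDeployment is redundant, because assigning an empty string leaves the pod spec field at its zero value. The value could be set where the pod spec is built (outside the lines shown) with `ServiceAccountName: store.Spec.ServiceAccountName,`, which keeps the original `return &appsv1.Deployment{` form. The same five-line block is repeated in StorefrontDeployment, WorkerDeployment, MigrationJob and SetupJob, so the inline field or one shared helper would remove five copies that have to stay in sync. The hunk at -93 also appears to add only a blank line before `Selector:`, which can be dropped.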
@@ -128,6 +128,12 @@ func StorefrontDeployment(store *v1.Store) *appsv1.Deployment { }, }, } + + if store.Spec.ServiceAccountName != "" { + deployment.Spec.Template.Spec.ServiceAccountName = store.Spec.ServiceAccountName + } + + return deployment } func GetStorefrontDeploymentName(store *v1.Store) string { diff --git a/internal/deployment/worker.go b/internal/deployment/worker.go index 8c54f9a..0a1d4f8 100644 --- a/internal/deployment/worker.go +++ b/internal/deployment/worker.go @@ -63,7 +63,7 @@ func WorkerDeployment(store *v1.Store) *appsv1.Deployment { Resources: store.Spec.Container.Resources, }) - return &appsv1.Deployment{ + deployment := &appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ Kind: "Deployment", APIVersion: "apps/v1", @@ -110,6 +110,12 @@ func WorkerDeployment(store *v1.Store) *appsv1.Deployment { }, }, } + + if store.Spec.ServiceAccountName != "" { + deployment.Spec.Template.Spec.ServiceAccountName = store.Spec.ServiceAccountName + } + + return deployment } func GetWorkerDeploymentName(store *v1.Store) string { diff --git a/internal/job/migration.go b/internal/job/migration.go index e62f869..f2fe039 100644 --- a/internal/job/migration.go +++ b/internal/job/migration.go @@ -65,7 +65,7 @@ func MigrationJob(store *v1.Store) *batchv1.Job { Env: store.GetEnv(), }) - return &batchv1.Job{ + job := &batchv1.Job{ TypeMeta: metav1.TypeMeta{ Kind: "Job", APIVersion: "batch/v1"}, @@ -95,6 +95,12 @@ func MigrationJob(store *v1.Store) *batchv1.Job { }, }, } + + if store.Spec.ServiceAccountName != "" { + job.Spec.Template.Spec.ServiceAccountName = store.Spec.ServiceAccountName + } + + return job } func MigrateJobName(store *v1.Store) string { diff --git a/internal/job/setup.go b/internal/job/setup.go index 30453dc..ba5a592 100644 --- a/internal/job/setup.go +++ b/internal/job/setup.go 
@@ -67,7 +67,7 @@ func SetupJob(store *v1.Store) *batchv1.Job { Env: envs, }) - return &batchv1.Job{ + job := &batchv1.Job{ TypeMeta: metav1.TypeMeta{ Kind: "Job", APIVersion: "batch/v1", @@ -98,6 +98,12 @@ func SetupJob(store *v1.Store) *batchv1.Job { }, }, } + + if store.Spec.ServiceAccountName != "" { + job.Spec.Template.Spec.ServiceAccountName = store.Spec.ServiceAccountName + } + + return job } func GetSetupJobName(store *v1.Store) string {