use serviceaccount for helper pod

update deployment yaml Add missing registry secret file Rebase

use serviceaccount for helper pod
b44b2c3b · Helge Waastad · Sheng Yang · e4dfa34a · b44b2c3b · b44b2c3b
Commit b44b2c3b authored Aug 17, 2020 by Helge Waastad Committed by Sheng Yang Aug 28, 2020
--- a/deploy/chart/templates/_helpers.tpl
+++ b/deploy/chart/templates/_helpers.tpl
@@ -65,3 +65,7 @@ Create the name of the provisioner to use.
 cluster.local/{{ template "local-path-provisioner.fullname" . -}}
 {{- end -}}
 {{- end -}}
+
+{{- define "local-path-provisioner.secret" }}
+{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.privateRegistry.registryUrl (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc) | b64enc }}
+{{- end }}
--- a/deploy/chart/templates/deployment.yaml
+++ b/deploy/chart/templates/deployment.yaml
@@ -23,7 +23,11 @@ spec:
      serviceAccountName: {{ template "local-path-provisioner.serviceAccountName" . }}
      containers:
        - name: {{ .Chart.Name }}
+        {{- if .Values.privateRegistry.registryUrl }}
+          image: "{{ .Values.privateRegistry.registryUrl }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        {{- else }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        {{- end }}
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          command:
            - local-path-provisioner
@@ -31,10 +35,16 @@ spec:
            - start
            - --config
            - /etc/config/config.json
+            - --service-account-name
+            - {{ template "local-path-provisioner.serviceAccountName" . }}
            - --provisioner-name
            - {{ template "local-path-provisioner.provisionerName" . }}
            - --helper-image
+          {{- if .Values.privateRegistry.registryUrl }}
+            - "{{ .Values.privateRegistry.registryUrl }}/{{ .Values.helperImage.repository }}:{{ .Values.helperImage.tag }}"
+          {{- else }}
            - "{{ .Values.helperImage.repository }}:{{ .Values.helperImage.tag }}"
+          {{- end }}
            - --configmap-name
            - {{ .Values.configmap.name }}
          volumeMounts:

--- a/deploy/chart/templates/registry-secret.yaml
+++ b/deploy/chart/templates/registry-secret.yaml
+{{- if .Values.defaultSettings.registrySecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.defaultSettings.registrySecret }}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "local-path-provisioner.secret" . }}
+{{- end }}
\ No newline at end of file
--- a/deploy/chart/templates/serviceaccount.yaml
+++ b/deploy/chart/templates/serviceaccount.yaml
@@ -5,4 +5,8 @@ metadata:
  name: {{ include "local-path-provisioner.fullname" . }}
  labels:
 {{ include "local-path-provisioner.labels" . | indent 4 }}
+{{- if .Values.defaultSettings.registrySecret }}
+imagePullSecrets:
+  - name: {{ .Values.defaultSettings.registrySecret }}
+{{- end }}
 {{- end }}
--- a/deploy/chart/values.yaml
+++ b/deploy/chart/values.yaml
@@ -11,6 +11,14 @@ helperImage:
  repository: busybox
  tag: latest

+defaultSettings:
+  registrySecret: ~
+
+privateRegistry:
+  registryUrl: ~
+  registryUser: ~
+  registryPasswd: ~
+
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""

--- a/main.go
+++ b/main.go
@@ -31,6 +31,8 @@ var (
 	FlagHelperImage        = "helper-image"
 	EnvHelperImage         = "HELPER_IMAGE"
 	DefaultHelperImage     = "busybox"
+	FlagServiceAccountName = "service-account-name"
+	EnvServiceAccountName  = "SERVICE_ACCOUNT_NAME"
 	FlagKubeconfig         = "kubeconfig"
 	DefaultConfigFileKey   = "config.json"
 	DefaultConfigMapName   = "local-path-config"
@@ -92,6 +94,11 @@ func StartCmd() cli.Command {
 				Usage: "Required. Specify configmap name.",
 				Value: DefaultConfigMapName,
 			},
+			cli.StringFlag{
+				Name:   FlagServiceAccountName,
+				Usage:  "Required. The ServiceAccountName for deployment",
+				EnvVar: EnvServiceAccountName,
+			},
 		},
 		Action: func(c *cli.Context) {
 			if err := startDaemon(c); err != nil {
@@ -186,7 +193,12 @@ func startDaemon(c *cli.Context) error {
 		return fmt.Errorf("invalid empty flag %v", FlagHelperImage)
 	}

-	provisioner, err := NewProvisioner(stopCh, kubeClient, configFile, namespace, helperImage, configMapName)
+	serviceAccountName := c.String(FlagServiceAccountName)
+	if serviceAccountName == "" {
+		return fmt.Errorf("invalid empty flag %v", FlagServiceAccountName)
+	}
+
+	provisioner, err := NewProvisioner(stopCh, kubeClient, configFile, namespace, helperImage, configMapName, serviceAccountName)
 	if err != nil {
 		return err
 	}

--- a/provisioner.go
+++ b/provisioner.go
@@ -43,6 +43,7 @@ type LocalPathProvisioner struct {
 	kubeClient         *clientset.Clientset
 	namespace          string
 	helperImage        string
+	serviceAccountName string

 	config        *Config
 	configData    *ConfigData
@@ -68,13 +69,14 @@ type Config struct {
 	NodePathMap map[string]*NodePathMap
 }

-func NewProvisioner(stopCh chan struct{}, kubeClient *clientset.Clientset, configFile, namespace, helperImage, configMapName string) (*LocalPathProvisioner, error) {
+func NewProvisioner(stopCh chan struct{}, kubeClient *clientset.Clientset, configFile, namespace, helperImage, configMapName string, serviceAccountName string) (*LocalPathProvisioner, error) {
 	p := &LocalPathProvisioner{
 		stopCh: stopCh,

 		kubeClient:         kubeClient,
 		namespace:          namespace,
 		helperImage:        helperImage,
+		serviceAccountName: serviceAccountName,

 		// config will be updated shortly by p.refreshConfig()
 		config:        nil,
@@ -330,6 +332,7 @@ func (p *LocalPathProvisioner) createHelperPod(action ActionType, cmdsForPath []
 		Spec: v1.PodSpec{
 			RestartPolicy:      v1.RestartPolicyNever,
 			NodeName:           node,
+			ServiceAccountName: p.serviceAccountName,
 			Tolerations: []v1.Toleration{
 				{
 					Operator: v1.TolerationOpExists,