lukaszraczylo/kubernetes-images-sync-operator
1
0
Fork 0
mirror of https://github.com/lukaszraczylo/kubernetes-images-sync-operator.git synced 2026-06-15 00:41:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Ensure that jobs run with the controller service account if no service account is specified.

Browse Source
This commit is contained in:
Lukasz Raczylo
2024-12-19 18:49:59 +00:00
parent 486f8899af
commit b2e96ae07d
5 changed files with 13 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/shared/jobs.go
+8 -2
View File
@@ -2,6 +2,7 @@ package shared
import (
"fmt"
"os"
"strings"
raczylocomv1 "github.com/lukaszraczylo/kubernetes-images-sync-operator/api/raczylo.com/v1"
@@ -19,7 +20,7 @@ type JobParams struct {
Commands []string
EnvVars []corev1.EnvVar
OwnerReferences []metav1.OwnerReference
ServiceAccount string
ServiceAccount string // Can be empty to use controller's service account
ImagePullSecrets []corev1.LocalObjectReference
}
@@ -45,6 +46,11 @@ func CreateJob[T any](params JobParams, setupFunc func(T) []string) *batchv1.Job
}
}
serviceAccount := params.ServiceAccount
if serviceAccount == "" {
serviceAccount = os.Getenv("POD_SERVICE_ACCOUNT")
}
j := &batchv1.Job{
ObjectMeta: metav1.ObjectMeta{
Name: params.Name,
@@ -65,7 +71,7 @@ func CreateJob[T any](params JobParams, setupFunc func(T) []string) *batchv1.Job
},
Spec: corev1.PodSpec{
RestartPolicy: corev1.RestartPolicyOnFailure,
ServiceAccountName: params.ServiceAccount,
ServiceAccountName: serviceAccount,
ImagePullSecrets: params.ImagePullSecrets,
Volumes: volumes,
Containers: []corev1.Container{