diff --git a/controller/cluster_agent.go b/controller/cluster_agent.go
index 9265e94..4782e69 100644
--- a/controller/cluster_agent.go
+++ b/controller/cluster_agent.go
@@ -13,17 +13,6 @@ const (
 KubeStateMetricsImage = "ghcr.io/coroot/kube-state-metrics:2.13.0-ubi9-0"
 )
 
-func (r *CorootReconciler) clusterAgentServiceAccount(cr *corootv1.Coroot) *corev1.ServiceAccount {
- a := &corev1.ServiceAccount{
- ObjectMeta: metav1.ObjectMeta{
- Name: cr.Name + "-cluster-agent",
- Namespace: cr.Namespace,
- Labels: Labels(cr, "coroot-cluster-agent"),
- },
- }
- return a
-}
-
 func (r *CorootReconciler) clusterAgentClusterRoleBinding(cr *corootv1.Coroot) *rbacv1.ClusterRoleBinding {
 b := &rbacv1.ClusterRoleBinding{
 ObjectMeta: metav1.ObjectMeta{
@@ -115,9 +104,8 @@ func (r *CorootReconciler) clusterAgentDeployment(cr *corootv1.Coroot) *appsv1.D
 Labels: ls,
 },
 Spec: corev1.PodSpec{
- SecurityContext: nonRootSecurityContext,
- ServiceAccountName: cr.Name + "-cluster-agent",
- Affinity: cr.Spec.ClusterAgent.Affinity,
+ SecurityContext: nonRootSecurityContext,
+ Affinity: cr.Spec.ClusterAgent.Affinity,
 Containers: []corev1.Container{
 {
 Image: r.getAppImage(cr, AppClusterAgent),
diff --git a/controller/controller.go b/controller/controller.go
index ecb80a4..d3b5c7b 100644
--- a/controller/controller.go
+++ b/controller/controller.go
@@ -9,6 +9,7 @@ import (
 corev1 "k8s.io/api/core/v1"
 rbacv1 "k8s.io/api/rbac/v1"
 "k8s.io/apimachinery/pkg/api/errors"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
 "k8s.io/utils/ptr"
 ctrl "sigs.k8s.io/controller-runtime"
@@ -98,10 +99,9 @@ func (r *CorootReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr
 
 r.CreateOrUpdateDaemonSet(ctx, cr, r.nodeAgentDaemonSet(cr))
 
- r.CreateOrUpdateServiceAccount(ctx, cr, r.clusterAgentServiceAccount(cr))
+ r.CreateOrUpdateDeployment(ctx, cr, r.clusterAgentDeployment(cr))
 r.CreateOrUpdateClusterRole(ctx, cr, r.clusterAgentClusterRole(cr))
 r.CreateOrUpdateClusterRoleBinding(ctx, cr, r.clusterAgentClusterRoleBinding(cr))
- r.CreateOrUpdateDeployment(ctx, cr, r.clusterAgentDeployment(cr))
 
 if cr.Spec.AgentsOnly != nil {
 // TODO: delete
@@ -163,6 +163,8 @@ func (r *CorootReconciler) CreateSecret(ctx context.Context, cr *corootv1.Coroot
 }
 
 func (r *CorootReconciler) CreateOrUpdateDeployment(ctx context.Context, cr *corootv1.Coroot, d *appsv1.Deployment) {
+ r.CreateOrUpdateServiceAccount(ctx, cr, d.ObjectMeta)
+ d.Spec.Template.Spec.ServiceAccountName = d.ObjectMeta.Name
 spec := d.Spec
 r.CreateOrUpdate(ctx, cr, d, func() error {
 return Merge(&d.Spec, spec)
@@ -170,6 +172,8 @@ func (r *CorootReconciler) CreateOrUpdateDeployment(ctx context.Context, cr *cor
 }
 
 func (r *CorootReconciler) CreateOrUpdateDaemonSet(ctx context.Context, cr *corootv1.Coroot, ds *appsv1.DaemonSet) {
+ r.CreateOrUpdateServiceAccount(ctx, cr, ds.ObjectMeta)
+ ds.Spec.Template.Spec.ServiceAccountName = ds.ObjectMeta.Name
 spec := ds.Spec
 r.CreateOrUpdate(ctx, cr, ds, func() error {
 return Merge(&ds.Spec, spec)
@@ -177,6 +181,8 @@ func (r *CorootReconciler) CreateOrUpdateDaemonSet(ctx context.Context, cr *coro
 }
 
 func (r *CorootReconciler) CreateOrUpdateStatefulSet(ctx context.Context, cr *corootv1.Coroot, ss *appsv1.StatefulSet) {
+ r.CreateOrUpdateServiceAccount(ctx, cr, ss.ObjectMeta)
+ ss.Spec.Template.Spec.ServiceAccountName = ss.ObjectMeta.Name
 spec := ss.Spec
 r.CreateOrUpdate(ctx, cr, ss, func() error {
 volumeClaimTemplates := ss.Spec.VolumeClaimTemplates[:]
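Review bot: In the Reconcile hunk (@@ -98,10 +99,9) the cluster-agent Deployment is now applied before its ClusterRole and ClusterRoleBinding, so on a fresh install the agent pod may start under a service account that has no permissions yet. A binding can name a service account that does not exist yet, so nothing visible here requires the Deployment to go first. Keeping `r.CreateOrUpdateDeployment(ctx, cr, r.clusterAgentDeployment(cr))` after `r.CreateOrUpdateClusterRoleBinding(ctx, cr, r.clusterAgentClusterRoleBinding(cr))` would preserve the previous RBAC-before-workload order. Reconcile's body starts and ends outside the hunk.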
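Review bot: In CreateOrUpdateDeployment (@@ -163,6 +163,8) the added line `d.Spec.Template.Spec.ServiceAccountName = d.ObjectMeta.Name` unconditionally overwrites whatever the builder set and ties the pod identity to the workload name; the next two hunks add the same pair of lines to CreateOrUpdateDaemonSet and CreateOrUpdateStatefulSet. The cluster agent keeps its permissions only if the Deployment name equals the subject name used in clusterAgentClusterRoleBinding, which this diff does not show and should be confirmed. A comment such as `// The ServiceAccount is named after the workload; any RoleBinding subject must use the same name.` would record that coupling. CreateOrUpdateServiceAccount returns nothing, so if creating the account fails the workload appears to be applied anyway with a ServiceAccountName that may not exist; surfacing that error would make the failure visible. All three function bodies continue outside their hunks.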
@@ -202,8 +208,13 @@ func (r *CorootReconciler) CreateOrUpdateService(ctx context.Context, cr *coroot
 })
 }
 
-func (r *CorootReconciler) CreateOrUpdateServiceAccount(ctx context.Context, cr *corootv1.Coroot, s *corev1.ServiceAccount) {
- r.CreateOrUpdate(ctx, cr, s, nil)
+func (r *CorootReconciler) CreateOrUpdateServiceAccount(ctx context.Context, cr *corootv1.Coroot, om metav1.ObjectMeta) {
+ sa := &corev1.ServiceAccount{ObjectMeta: metav1.ObjectMeta{
+ Name: om.Name,
+ Namespace: om.Namespace,
+ Labels: om.Labels,
+ }}
+ r.CreateOrUpdate(ctx, cr, sa, nil)
 }
 
 func (r *CorootReconciler) CreateOrUpdateClusterRole(ctx context.Context, cr *corootv1.Coroot, role *rbacv1.ClusterRole) {
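Review bot: The rewritten CreateOrUpdateServiceAccount builds the account with token automount left at its default, and the other hunks call it for every Deployment, DaemonSet and StatefulSet, so workloads that never talk to the Kubernetes API still get an API credential mounted. If that is not intended, the account can opt out for those workloads, for example `AutomountServiceAccountToken: ptr.To(false)`, while the cluster agent keeps its token. `Labels: om.Labels` shares the workload's label map instead of copying it, so a write through either object would change both. A doc comment saying that the account mirrors the workload's name, namespace and labels would also help readers of the three callers.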