Skip to content

Commit

Permalink
Merge pull request #444 from alecmerdler/PROJQUAY-1909
Browse files Browse the repository at this point in the history 
kustomize: use separate ServiceAccount for Quay app pods (PROJQUAY-1909)
  • Loading branch information
@alecmerdler
alecmerdler authored Apr 20, 2021
2 parents 007de38 + 51859ca commit 7f61ec9
Show file tree
Hide file tree
Showing 6 changed files with 7 additions and 47 deletions.
3 changes: 1 addition & 2 deletions kustomize/base/kustomization.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,7 @@ kind: Kustomization
commonLabels:
app: quay
resources:
- ./quay.role.yaml
- ./quay.rolebinding.yaml
- ./quay.serviceaccount.yaml
- ./quay.deployment.yaml
- ./quay.service.yaml
- ./upgrade.deployment.yaml
Expand Down
1 change: 1 addition & 0 deletions kustomize/base/quay.deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ spec:
labels:
quay-component: quay-app
spec:
serviceAccountName: quay-app
volumes:
- name: configvolume
secret:
Expand Down
31 changes: 0 additions & 31 deletions kustomize/base/quay.role.yaml
View file

This file was deleted.

11 changes: 0 additions & 11 deletions kustomize/base/quay.rolebinding.yaml
View file

This file was deleted.

4 changes: 4 additions & 0 deletions kustomize/base/quay.serviceaccount.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: quay-app
4 changes: 1 addition & 3 deletions pkg/kustomize/kustomize_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@ import (
appsv1 "k8s.io/api/apps/v1"
batchv1 "k8s.io/api/batch/v1"
corev1 "k8s.io/api/core/v1"
rbac "k8s.io/api/rbac/v1beta1"
"k8s.io/apimachinery/pkg/api/meta"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"sigs.k8s.io/controller-runtime/pkg/client"
Expand Down Expand Up @@ -205,8 +204,6 @@ func TestFlattenSecret(t *testing.T) {

var quayComponents = map[string][]client.Object{
"base": {
&rbac.Role{ObjectMeta: metav1.ObjectMeta{Name: "quay-serviceaccount"}},
&rbac.RoleBinding{ObjectMeta: metav1.ObjectMeta{Name: "quay-secret-writer"}},
&appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: "quay-app"}},
&appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: "quay-app-upgrade"}},
&appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: "quay-config-editor"}},
Expand All @@ -216,6 +213,7 @@ var quayComponents = map[string][]client.Object{
&corev1.ConfigMap{ObjectMeta: metav1.ObjectMeta{Name: "cluster-service-ca"}},
&corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "quay-config-editor-credentials"}},
&corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "quay-registry-managed-secret-keys"}},
&corev1.ServiceAccount{ObjectMeta: metav1.ObjectMeta{Name: "quay-app"}},
},
"clair": {
&corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "clair-config-secret"}},
Expand Down

0 comments on commit 7f61ec9

Please sign in to comment.