()
| 214 | } |
| 215 | |
| 216 | func (c *Controller) initPodServiceAccount() { |
| 217 | |
| 218 | if c.opConfig.PodServiceAccountDefinition == "" { |
| 219 | stringValue := ` |
| 220 | { |
| 221 | "apiVersion": "v1", |
| 222 | "kind": "ServiceAccount", |
| 223 | "metadata": { |
| 224 | "name": "postgres-pod" |
| 225 | } |
| 226 | }` |
| 227 | |
| 228 | c.opConfig.PodServiceAccountDefinition = compactValue(stringValue) |
| 229 | |
| 230 | } |
| 231 | |
| 232 | // re-uses k8s internal parsing. See k8s client-go issue #193 for explanation |
| 233 | decode := scheme.Codecs.UniversalDeserializer().Decode |
| 234 | obj, groupVersionKind, err := decode([]byte(c.opConfig.PodServiceAccountDefinition), nil, nil) |
| 235 | |
| 236 | switch { |
| 237 | case err != nil: |
| 238 | panic(fmt.Errorf("Unable to parse pod service account definition from the operator configuration: %v", err)) |
| 239 | case groupVersionKind.Kind != "ServiceAccount": |
| 240 | panic(fmt.Errorf("pod service account definition in the operator configuration defines another type of resource: %v", groupVersionKind.Kind)) |
| 241 | default: |
| 242 | c.PodServiceAccount = obj.(*v1.ServiceAccount) |
| 243 | if c.PodServiceAccount.Name != c.opConfig.PodServiceAccountName { |
| 244 | c.logger.Warnf("in the operator configuration, the pod service account name %v does not match the name %v given in the account definition; using the former for consistency", c.opConfig.PodServiceAccountName, c.PodServiceAccount.Name) |
| 245 | c.PodServiceAccount.Name = c.opConfig.PodServiceAccountName |
| 246 | } |
| 247 | c.PodServiceAccount.Namespace = "" |
| 248 | } |
| 249 | |
| 250 | // actual service accounts are deployed at the time of Postgres/Spilo cluster creation |
| 251 | } |
| 252 | |
| 253 | func (c *Controller) initRoleBinding() { |
| 254 |
no test coverage detected