Skip to content

Commit

Permalink
Pass a service account to the Kubernetes runner for the task execution
Browse files Browse the repository at this point in the history
  • Loading branch information
@Fryguy
Fryguy committed Oct 12, 2023
1 parent bc28c48 commit 154677e
Showing 1 changed file with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions lib/manageiq/providers/workflows/engine.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,12 +41,14 @@ def self.floe_docker_runner
if MiqEnvironment::Command.is_podified?
host = ENV.fetch("KUBERNETES_SERVICE_HOST")
port = ENV.fetch("KUBERNETES_SERVICE_PORT")
sa = ENV.fetch("AUTOMATION_JOB_SERVICE_ACCOUNT", nil)

Floe::Workflow::Runner::Kubernetes.new(
"server" => URI::HTTPS.build(:host => host, :port => port).to_s,
"token_file" => "/run/secrets/kubernetes.io/serviceaccount/token",
"ca_cert" => "/run/secrets/kubernetes.io/serviceaccount/ca.crt",
"namespace" => File.read("/run/secrets/kubernetes.io/serviceaccount/namespace")
"server" => URI::HTTPS.build(:host => host, :port => port).to_s,
"token_file" => "/run/secrets/kubernetes.io/serviceaccount/token",
"ca_cert" => "/run/secrets/kubernetes.io/serviceaccount/ca.crt",
"namespace" => File.read("/run/secrets/kubernetes.io/serviceaccount/namespace"),
"task_service_account" => sa
)
elsif MiqEnvironment::Command.is_appliance? || MiqEnvironment::Command.supports_command?("podman")
options = {}
Expand Down

0 comments on commit 154677e

Please sign in to comment.