exposed service account name for tcp pods #441
Conversation
✅ Deploy Preview for kamaji-documentation ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
cmd/manager/cmd.go
Outdated
| handlers.TenantControlPlaneDefaults{DefaultDatastore: datastore}, | ||
| handlers.TenantControlPlaneDefaults{ | ||
| DefaultDatastore: datastore, | ||
| DefaultServiceAccount: serviceAccount, |
There was a problem hiding this comment.
No need for this, it can be achieved with the kubebuilder marker, see previous comment.
There was a problem hiding this comment.
I believe I made a follow up comment about this and you didn't comment on it afterwards so I supposed you were ok with it, but apparently not.
The reason behind this was to be able to use a specific service account to be considered as "default" by Kamaji, and that can be different from the actual default service account. This can be handy when we use the management cluster for something other than just running Kamaji at the same time.
This will have no effects on the users that do not need this since it will be set to "default" by default.
There was a problem hiding this comment.
I get your point, and sorry if I missed the discussion: too many things happening at the same time.
I would avoid this kind of flag, and rely on configuration over convention: it means that if you need to configure a specific ServiceAccount other tools can be used to enforce this behaviour, such as Kyverno policies, or ClusterClass in terms of Cluster API.
hamza-boudouche
force-pushed
the
feat/pod-service-account-name
branch
from
962848d
to
edc6595
Compare
|
@hamza-boudouche sorry, some conflicts must be resolved since another PR of yours has been merged. Once solved, getting ready to get it merged! |
434