Merge pull request #347 from HubertStefanski/conditional-sa-creation

INTLY-10438 - Implement conditional serviceaccount creation
grafana · Feb 11, 2021 · c2edc90 · c2edc90
2 parents 29d66c6 + 80f4adf
commit c2edc90
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 8 deletions.
diff --git a/deploy/crds/Grafana.yaml b/deploy/crds/Grafana.yaml
@@ -127,9 +127,13 @@ spec:
                 priorityClassName:
                   type: string
                   description: Pod priority class name
+
             serviceAccount:
               type: object
               properties:
+                skip:
+                  type: boolean
+                  description: Disable ServiceAccount creation for grafana
                 annotations:
                   type: object
                   description: Additional annotations for the serviceaccount

diff --git a/documentation/deploy_grafana.md b/documentation/deploy_grafana.md
@@ -176,7 +176,7 @@ The resource accepts the following properties in it's `spec`:
 
 * ***service***: Allows configuring the Service resource (see [here](#configuring-the-service)).
 
-* ***serviceAccount***: Allows adding extra labels and annotations to the Grafana service account.
+* ***serviceAccount***: Allows configuring the Service account (see [here](#configuring-the-serviceaccount)).
 
 * ***deployment***: Allows configuring the deployment (see [here](#configuring-the-deployment)).
 
@@ -191,6 +191,7 @@ The resource accepts the following properties in it's `spec`:
 * ***readinessProbeSpec***: Defines the time, in seconds, to be used for each field in the readiness probe
   configuration ( see [here](#configuring-readinessliveness-probes))
 
+
 *NOTE*: by default no Ingress or Route is created. It can be enabled with `spec.ingress.enabled`.
 
 To create a new Grafana instance in the `grafana` namespace, run:
@@ -236,6 +237,26 @@ spec:
     path:                   # Sets the path of the Ingress. Ignored for Routes
 ```
 
+## Configuring the ServiceAccount
+
+```yaml
+spec:
+  serviceAccount:
+    type: object
+    properties:
+      skip:
+        type: boolean
+        description: setting this to `True` will stop the operator from reconciling the `grafana-serviceaccount`
+                    serviceaccount, Leaving this field empty is equivalent to setting it to`False`
+      annotations:
+        type: object
+        description: Additional annotations for the serviceaccount
+      labels:
+        type: object
+        description: Additional labels for the serviceaccount
+``` 
+**Note:* the operator will still
+reconcile the `grafana-operator` `serviceaccount when spec.ServiceAccount.skip == True`*.
 ## Configuring the Service
 
 Various properties of the Service can be configured:
@@ -258,12 +279,11 @@ spec:
         targetPort: ...
 
 ```
-NOTE: Service name must adhere to a DNS-1035 label which must consist of lower case alphanumeric
-characters or '-', start with an alphabetic character, and end with an
-alphanumeric character (e.g. 'my-name',  or 'abc-123', regex used for validation is `'[a-z]([-a-z0-9]*[a-z0-9])?`.
-If the name doesn't match this RegEx, the operator will fail to create the new service, however, the old service will still
-remain available until a new one is created.
 
+NOTE: Service name must adhere to a DNS-1035 label which must consist of lower case alphanumeric characters or '-',
+start with an alphabetic character, and end with an alphanumeric character (e.g. 'my-name', or 'abc-123', regex used for
+validation is `'[a-z]([-a-z0-9]*[a-z0-9])?`. If the name doesn't match this RegEx, the operator will fail to create the
+new service, however, the old service will still remain available until a new one is created.
 
 ## Configuring the Deployment
 

diff --git a/pkg/apis/integreatly/v1alpha1/grafana_types.go b/pkg/apis/integreatly/v1alpha1/grafana_types.go
@@ -78,11 +78,12 @@ type GrafanaDataStorage struct {
 	Annotations map[string]string               `json:"annotations,omitempty"`
 	Labels      map[string]string               `json:"labels,omitempty"`
 	AccessModes []v1.PersistentVolumeAccessMode `json:"accessModes,omitempty"`
-	Size        resource.Quantity               `json:"size"`
-	Class       string                          `json:"class"`
+	Size        resource.Quantity               `json:"size,omitempty"`
+	Class       string                          `json:"class,omitempty"`
 }
 
 type GrafanaServiceAccount struct {
+	Skip             *bool                     `json:"skip,omitempty"`
 	Annotations      map[string]string         `json:"annotations,omitempty"`
 	Labels           map[string]string         `json:"labels,omitempty"`
 	ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty"`

diff --git a/pkg/apis/integreatly/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/integreatly/v1alpha1/zz_generated.deepcopy.go
diff --git a/pkg/controller/grafana/grafana_reconciler.go b/pkg/controller/grafana/grafana_reconciler.go
@@ -132,6 +132,10 @@ func (i *GrafanaReconciler) getGrafanaDataPvcDesiredState(state *common.ClusterS
 }
 
 func (i *GrafanaReconciler) getGrafanaServiceAccountDesiredState(state *common.ClusterState, cr *v1alpha1.Grafana) common.ClusterAction {
+
+	if cr.Spec.ServiceAccount != nil && cr.Spec.ServiceAccount.Skip != nil && *cr.Spec.ServiceAccount.Skip == true {
+		return nil
+	}
 	if state.GrafanaServiceAccount == nil {
 		return common.GenericCreateAction{
 			Ref: model.GrafanaServiceAccount(cr),
@@ -143,6 +147,7 @@ func (i *GrafanaReconciler) getGrafanaServiceAccountDesiredState(state *common.C
 		Ref: model.GrafanaServiceAccountReconciled(cr, state.GrafanaServiceAccount),
 		Msg: "update grafana service account",
 	}
+
 }
 
 func (i *GrafanaReconciler) getGrafanaConfigDesiredState(state *common.ClusterState, cr *v1alpha1.Grafana) []common.ClusterAction {