diff --git a/cmd/helm/init.go b/cmd/helm/init.go index a2bec7a65..ff1d56288 100644 --- a/cmd/helm/init.go +++ b/cmd/helm/init.go @@ -66,17 +66,18 @@ var ( ) type initCmd struct { - image string - clientOnly bool - canary bool - upgrade bool - namespace string - dryRun bool - skipRefresh bool - out io.Writer - home helmpath.Home - opts installer.Options - kubeClient internalclientset.Interface + image string + clientOnly bool + canary bool + upgrade bool + namespace string + dryRun bool + skipRefresh bool + out io.Writer + home helmpath.Home + opts installer.Options + kubeClient internalclientset.Interface + serviceAccount string } func newInitCmd(out io.Writer) *cobra.Command { @@ -116,6 +117,7 @@ func newInitCmd(out io.Writer) *cobra.Command { f.StringVar(&localRepositoryURL, "local-repo-url", localRepositoryURL, "URL for local repository") f.BoolVar(&i.opts.EnableHostNetwork, "net-host", false, "install tiller with net=host") + f.StringVar(&i.serviceAccount, "service-account", "", "name of service account") return cmd } @@ -154,6 +156,7 @@ func (i *initCmd) run() error { i.opts.Namespace = i.namespace i.opts.UseCanary = i.canary i.opts.ImageSpec = i.image + i.opts.ServiceAccount = i.serviceAccount if settings.Debug { writeYAMLManifest := func(apiVersion, kind, body string, first, last bool) error { diff --git a/cmd/helm/installer/install.go b/cmd/helm/installer/install.go index 90e832b07..d3c9217be 100644 --- a/cmd/helm/installer/install.go +++ b/cmd/helm/installer/install.go @@ -131,6 +131,7 @@ func generateDeployment(opts *Options) *extensions.Deployment { Labels: labels, }, Spec: api.PodSpec{ + ServiceAccountName: opts.ServiceAccount, Containers: []api.Container{ { Name: "tiller", diff --git a/cmd/helm/installer/install_test.go b/cmd/helm/installer/install_test.go index 63f8419b3..be3ef151f 100644 --- a/cmd/helm/installer/install_test.go +++ b/cmd/helm/installer/install_test.go @@ -70,6 +70,34 @@ func TestDeploymentManifest(t *testing.T) { } } +func TestDeploymentManifestForServiceAccount(t *testing.T) { + tests := []struct { + name string + image string + canary bool + expect string + imagePullPolicy api.PullPolicy + serviceAccount string + }{ + {"withSA", "", false, "gcr.io/kubernetes-helm/tiller:latest", "IfNotPresent", "service-account"}, + {"withoutSA", "", false, "gcr.io/kubernetes-helm/tiller:latest", "IfNotPresent", ""}, + } + for _, tt := range tests { + o, err := DeploymentManifest(&Options{Namespace: api.NamespaceDefault, ImageSpec: tt.image, UseCanary: tt.canary, ServiceAccount: tt.serviceAccount}) + if err != nil { + t.Fatalf("%s: error %q", tt.name, err) + } + + var d extensions.Deployment + if err := yaml.Unmarshal([]byte(o), &d); err != nil { + t.Fatalf("%s: error %q", tt.name, err) + } + if got := d.Spec.Template.Spec.ServiceAccountName; got != tt.serviceAccount { + t.Errorf("%s: expected service account value %q, got %q", tt.name, tt.serviceAccount, got) + } + } +} + func TestDeploymentManifest_WithTLS(t *testing.T) { tests := []struct { opts Options diff --git a/cmd/helm/installer/options.go b/cmd/helm/installer/options.go index eb9519f5d..6fb804a46 100644 --- a/cmd/helm/installer/options.go +++ b/cmd/helm/installer/options.go @@ -43,6 +43,9 @@ type Options struct { // Namespace is the kubernetes namespace to use to deploy tiller. Namespace string + // ServiceAccount is the Kubernetes service account to add to tiller + ServiceAccount string + // ImageSpec indentifies the image tiller will use when deployed. // // Valid if and only if UseCanary is false. diff --git a/docs/helm/helm_init.md b/docs/helm/helm_init.md index 3fe94b79c..e21121dcd 100644 --- a/docs/helm/helm_init.md +++ b/docs/helm/helm_init.md @@ -38,6 +38,7 @@ helm init --dry-run do not install local or remote --local-repo-url string URL for local repository (default "http://127.0.0.1:8879/charts") --net-host install tiller with net=host + --service-account string name of service account --skip-refresh do not refresh (download) the local repository cache --stable-repo-url string URL for stable repository (default "https://kubernetes-charts.storage.googleapis.com") -i, --tiller-image string override tiller image @@ -62,4 +63,4 @@ helm init ### SEE ALSO * [helm](helm.md) - The Helm package manager for Kubernetes. -###### Auto generated by spf13/cobra on 18-Apr-2017 +###### Auto generated by spf13/cobra on 1-May-2017 diff --git a/docs/man/man1/helm_init.1 b/docs/man/man1/helm_init.1 index 9fea8ba40..e92c51f76 100644 --- a/docs/man/man1/helm_init.1 +++ b/docs/man/man1/helm_init.1 @@ -1,4 +1,4 @@ -.TH "HELM" "1" "Apr 2017" "Auto generated by spf13/cobra" "" +.TH "HELM" "1" "May 2017" "Auto generated by spf13/cobra" "" .nh .ad l @@ -61,6 +61,10 @@ To dump a manifest containing the Tiller deployment YAML, combine the \fB\-\-net\-host\fP[=false] install tiller with net=host +.PP +\fB\-\-service\-account\fP="" + name of service account + .PP \fB\-\-skip\-refresh\fP[=false] do not refresh (download) the local repository cache @@ -128,4 +132,4 @@ To dump a manifest containing the Tiller deployment YAML, combine the .SH HISTORY .PP -18\-Apr\-2017 Auto generated by spf13/cobra +1\-May\-2017 Auto generated by spf13/cobra diff --git a/scripts/completions.bash b/scripts/completions.bash index 6d92d6324..361e67a62 100644 --- a/scripts/completions.bash +++ b/scripts/completions.bash @@ -640,6 +640,8 @@ _helm_init() local_nonpersistent_flags+=("--local-repo-url=") flags+=("--net-host") local_nonpersistent_flags+=("--net-host") + flags+=("--service-account=") + local_nonpersistent_flags+=("--service-account=") flags+=("--skip-refresh") local_nonpersistent_flags+=("--skip-refresh") flags+=("--stable-repo-url=")