Skip to content

Commit

Permalink
Merge pull request #367 from gianlucam76/serviceaccount
Browse files Browse the repository at this point in the history
Token renewal: specify ServiceAccount
  • Loading branch information
gianlucam76 authored Oct 7, 2024
2 parents d6efc20 + f53e216 commit c9f9be9
Show file tree
Hide file tree
Showing 8 changed files with 102 additions and 2 deletions.
12 changes: 12 additions & 0 deletions api/v1alpha1/sveltoscluster_type.go
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,18 @@ const (
type TokenRequestRenewalOption struct {
// RenewTokenRequestInterval is the interval at which to renew the TokenRequest
RenewTokenRequestInterval metav1.Duration `json:"renewTokenRequestInterval"`

// SANamespace is the namespace of the ServiceAccount to renew the token for.
// If specified, ServiceAccount must exist in the managed cluster.
// If not specified, sveltos will try to deduce it from current kubeconfig
// +optional
SANamespace string `json:"saNamespace,omitempty"`

// SAName is name of the ServiceAccount to renew the token for.
// If specified, ServiceAccount must exist in the managed cluster.
// If not specified, sveltos will try to deduce it from current kubeconfig
// +optional
SAName string `json:"saName,omitempty"`
}

// SveltosClusterSpec defines the desired state of SveltosCluster
Expand Down
4 changes: 4 additions & 0 deletions api/v1alpha1/zz_generated.conversion.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion api/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

12 changes: 12 additions & 0 deletions api/v1beta1/sveltoscluster_type.go
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,18 @@ const (
type TokenRequestRenewalOption struct {
// RenewTokenRequestInterval is the interval at which to renew the TokenRequest
RenewTokenRequestInterval metav1.Duration `json:"renewTokenRequestInterval"`

// SANamespace is the namespace of the ServiceAccount to renew the token for.
// If specified, ServiceAccount must exist in the managed cluster.
// If not specified, sveltos will try to deduce it from current kubeconfig
// +optional
SANamespace string `json:"saNamespace,omitempty"`

// SAName is name of the ServiceAccount to renew the token for.
// If specified, ServiceAccount must exist in the managed cluster.
// If not specified, sveltos will try to deduce it from current kubeconfig
// +optional
SAName string `json:"saName,omitempty"`
}

// SveltosClusterSpec defines the desired state of SveltosCluster
Expand Down
2 changes: 1 addition & 1 deletion api/v1beta1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

24 changes: 24 additions & 0 deletions config/crd/bases/lib.projectsveltos.io_sveltosclusters.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,18 @@ spec:
description: RenewTokenRequestInterval is the interval at which
to renew the TokenRequest
type: string
saName:
description: |-
SAName is name of the ServiceAccount to renew the token for.
If specified, ServiceAccount must exist in the managed cluster.
If not specified, sveltos will try to deduce it from current kubeconfig
type: string
saNamespace:
description: |-
SANamespace is the namespace of the ServiceAccount to renew the token for.
If specified, ServiceAccount must exist in the managed cluster.
If not specified, sveltos will try to deduce it from current kubeconfig
type: string
required:
- renewTokenRequestInterval
type: object
Expand Down Expand Up @@ -240,6 +252,18 @@ spec:
description: RenewTokenRequestInterval is the interval at which
to renew the TokenRequest
type: string
saName:
description: |-
SAName is name of the ServiceAccount to renew the token for.
If specified, ServiceAccount must exist in the managed cluster.
If not specified, sveltos will try to deduce it from current kubeconfig
type: string
saNamespace:
description: |-
SANamespace is the namespace of the ServiceAccount to renew the token for.
If specified, ServiceAccount must exist in the managed cluster.
If not specified, sveltos will try to deduce it from current kubeconfig
type: string
required:
- renewTokenRequestInterval
type: object
Expand Down
24 changes: 24 additions & 0 deletions lib/crd/sveltosclusters.go
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,18 @@ spec:
description: RenewTokenRequestInterval is the interval at which
to renew the TokenRequest
type: string
saName:
description: |-
SAName is name of the ServiceAccount to renew the token for.
If specified, ServiceAccount must exist in the managed cluster.
If not specified, sveltos will try to deduce it from current kubeconfig
type: string
saNamespace:
description: |-
SANamespace is the namespace of the ServiceAccount to renew the token for.
If specified, ServiceAccount must exist in the managed cluster.
If not specified, sveltos will try to deduce it from current kubeconfig
type: string
required:
- renewTokenRequestInterval
type: object
Expand Down Expand Up @@ -258,6 +270,18 @@ spec:
description: RenewTokenRequestInterval is the interval at which
to renew the TokenRequest
type: string
saName:
description: |-
SAName is name of the ServiceAccount to renew the token for.
If specified, ServiceAccount must exist in the managed cluster.
If not specified, sveltos will try to deduce it from current kubeconfig
type: string
saNamespace:
description: |-
SANamespace is the namespace of the ServiceAccount to renew the token for.
If specified, ServiceAccount must exist in the managed cluster.
If not specified, sveltos will try to deduce it from current kubeconfig
type: string
required:
- renewTokenRequestInterval
type: object
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,18 @@ spec:
description: RenewTokenRequestInterval is the interval at which
to renew the TokenRequest
type: string
saName:
description: |-
SAName is name of the ServiceAccount to renew the token for.
If specified, ServiceAccount must exist in the managed cluster.
If not specified, sveltos will try to deduce it from current kubeconfig
type: string
saNamespace:
description: |-
SANamespace is the namespace of the ServiceAccount to renew the token for.
If specified, ServiceAccount must exist in the managed cluster.
If not specified, sveltos will try to deduce it from current kubeconfig
type: string
required:
- renewTokenRequestInterval
type: object
Expand Down Expand Up @@ -239,6 +251,18 @@ spec:
description: RenewTokenRequestInterval is the interval at which
to renew the TokenRequest
type: string
saName:
description: |-
SAName is name of the ServiceAccount to renew the token for.
If specified, ServiceAccount must exist in the managed cluster.
If not specified, sveltos will try to deduce it from current kubeconfig
type: string
saNamespace:
description: |-
SANamespace is the namespace of the ServiceAccount to renew the token for.
If specified, ServiceAccount must exist in the managed cluster.
If not specified, sveltos will try to deduce it from current kubeconfig
type: string
required:
- renewTokenRequestInterval
type: object
Expand Down

0 comments on commit c9f9be9

Please sign in to comment.