Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Kubernetes serviceaccount setting ignored #36089

Closed
dylanenabled opened this issue Sep 22, 2023 · 1 comment · Fixed by #36115
Closed

Kubernetes serviceaccount setting ignored #36089

dylanenabled opened this issue Sep 22, 2023 · 1 comment · Fixed by #36115
Assignees
Labels
area/kubernetes kind/bug Something isn't working
Milestone

Comments

@dylanenabled
Copy link

dylanenabled commented Sep 22, 2023

Describe the bug

Quarkus 3.4.1 (using the quickstart with kubernetes and flyway set)

When I set
quarkus.kubernetes.service-account=my-service-account
in my application.properties the generated build/kubernetes/kubernetes.yml file does not generate the expected result.

It ignores the my-service-account and just uses the project name in the places where the service account should be set.

Expected behavior

Specifically, the build/kubernetes/kubernetes.yml deployment's serviceAccountName field should be my-service-account

serviceAccountName: my-service-account

and the view-job role binding should be bound to my-service-account.

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: code-with-quarkus-view-jobs
roleRef:
  kind: Role
  apiGroup: rbac.authorization.k8s.io
  name: view-jobs
subjects:
  - kind: ServiceAccount
    apiGroup: ""
    name: my-service-account
---

It should not create a serviceaccount for code-with-quarkus which is not necessary.

Actual behavior

It is ignoring the config and just using the project name as the service account

---
apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    app.quarkus.io/build-timestamp: 2023-09-22 - 08:32:40 +0000
  labels:
    app.kubernetes.io/managed-by: quarkus
    app.kubernetes.io/name: code-with-quarkus
    app.kubernetes.io/version: 1.0.0-SNAPSHOT
  name: code-with-quarkus
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: view-jobs
rules:
  - apiGroups:
      - batch
    resources:
      - jobs
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: code-with-quarkus-view-jobs
roleRef:
  kind: Role
  apiGroup: rbac.authorization.k8s.io
  name: view-jobs
subjects:
  - kind: ServiceAccount
    apiGroup: ""
    name: code-with-quarkus
---
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    app.quarkus.io/build-timestamp: 2023-09-22 - 08:32:40 +0000
  labels:
    app.kubernetes.io/managed-by: quarkus
    app.kubernetes.io/name: code-with-quarkus
    app.kubernetes.io/version: 1.0.0-SNAPSHOT
  name: code-with-quarkus
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: code-with-quarkus
      app.kubernetes.io/version: 1.0.0-SNAPSHOT
  template:
    metadata:
      annotations:
        app.quarkus.io/build-timestamp: 2023-09-22 - 08:32:40 +0000
      labels:
        app.kubernetes.io/managed-by: quarkus
        app.kubernetes.io/name: code-with-quarkus
        app.kubernetes.io/version: 1.0.0-SNAPSHOT
    spec:
      containers:
        - env:
            - name: KUBERNETES_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: QUARKUS_FLYWAY_ENABLED
              value: "false"
          image: dylan/code-with-quarkus:1.0.0-SNAPSHOT
          imagePullPolicy: Always
          name: code-with-quarkus
      initContainers:
        - args:
            - job
            - code-with-quarkus-flyway-init
          image: groundnuty/k8s-wait-for:no-root-v1.7
          imagePullPolicy: IfNotPresent
          name: init
      serviceAccountName: code-with-quarkus
---
apiVersion: batch/v1
kind: Job
metadata:
  name: code-with-quarkus-flyway-init
spec:
  completionMode: NonIndexed
  template:
    metadata: {}
    spec:
      containers:
        - env:
            - name: QUARKUS_FLYWAY_ENABLED
              value: "true"
            - name: QUARKUS_INIT_AND_EXIT
              value: "true"
          image: dylan/code-with-quarkus:1.0.0-SNAPSHOT
          name: code-with-quarkus-flyway-init
      restartPolicy: OnFailure

How to Reproduce?

  1. Create a version 3.4 project from the quick start with the kubernetes and flyway extensions (I used gradle build).
  2. Add a test class to src/java so it compiles
  3. edit the application.properties to add quarkus.kubernetes.service-account=my-service-account
  4. Build
  5. Check the build/kubernetes/kubernetes.yml file

Output of uname -a or ver

Darwin xxx 22.6.0 Darwin Kernel Version 22.6.0: Wed Jul 5 22:21:56 PDT 2023; root:xnu-8796.141.3~6/RELEASE_X86_64 x86_64

Output of java -version

11

GraalVM version (if different from Java)

No response

Quarkus version or git rev

3.4.1

Build tool (ie. output of mvnw --version or gradlew --version)

gradle 8.1.1

Additional information

No response

@dylanenabled dylanenabled added the kind/bug Something isn't working label Sep 22, 2023
@quarkus-bot
Copy link

quarkus-bot bot commented Sep 22, 2023

/cc @geoand (kubernetes), @iocanel (kubernetes)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/kubernetes kind/bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants