Add ability to specify custom service accounts (#198)

* Add ability to specify a custom service account

* Add docs

api/v1/chiacommon_types.go

@@ -35,6 +35,10 @@ type CommonSpec struct {
 	// +optional
 	ImagePullSecrets *[]corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
 
+	// ServiceAccountName is an optional name of a Service Account in the target namespace to use for this Chia deployment
+	// +optional
+	ServiceAccountName *string `json:"serviceAccountName,omitempty"`
+
 	// NodeSelector selects a node by key value pairs
 	// +optional
 	NodeSelector map[string]string `json:"nodeSelector,omitempty"`

config/crd/bases/k8s.chia.net_chiacrawlers.yaml

@@ -5443,6 +5443,10 @@ spec:
                         type: string
                     type: object
                 type: object
+              serviceAccountName:
+                description: ServiceAccountName is an optional name of a Service Account
+                  in the target namespace to use for this Chia deployment
+                type: string
               sidecars:
                 description: Sidecars allows defining a list of containers and volumes
                   that will share the kubernetes Pod alongside a Chia container

config/crd/bases/k8s.chia.net_chiafarmers.yaml

@@ -5467,6 +5467,10 @@ spec:
                         type: string
                     type: object
                 type: object
+              serviceAccountName:
+                description: ServiceAccountName is an optional name of a Service Account
+                  in the target namespace to use for this Chia deployment
+                type: string
               sidecars:
                 description: Sidecars allows defining a list of containers and volumes
                   that will share the kubernetes Pod alongside a Chia container

config/crd/bases/k8s.chia.net_chiaharvesters.yaml

@@ -5451,6 +5451,10 @@ spec:
                         type: string
                     type: object
                 type: object
+              serviceAccountName:
+                description: ServiceAccountName is an optional name of a Service Account
+                  in the target namespace to use for this Chia deployment
+                type: string
               sidecars:
                 description: Sidecars allows defining a list of containers and volumes
                   that will share the kubernetes Pod alongside a Chia container

config/crd/bases/k8s.chia.net_chiaintroducers.yaml

@@ -5443,6 +5443,10 @@ spec:
                         type: string
                     type: object
                 type: object
+              serviceAccountName:
+                description: ServiceAccountName is an optional name of a Service Account
+                  in the target namespace to use for this Chia deployment
+                type: string
               sidecars:
                 description: Sidecars allows defining a list of containers and volumes
                   that will share the kubernetes Pod alongside a Chia container

config/crd/bases/k8s.chia.net_chianodes.yaml

@@ -5522,6 +5522,10 @@ spec:
                   Statefulset. defaults to 1.
                 format: int32
                 type: integer
+              serviceAccountName:
+                description: ServiceAccountName is an optional name of a Service Account
+                  in the target namespace to use for this Chia deployment
+                type: string
               sidecars:
                 description: Sidecars allows defining a list of containers and volumes
                   that will share the kubernetes Pod alongside a Chia container

config/crd/bases/k8s.chia.net_chiaseeders.yaml

@@ -5537,6 +5537,10 @@ spec:
                         type: string
                     type: object
                 type: object
+              serviceAccountName:
+                description: ServiceAccountName is an optional name of a Service Account
+                  in the target namespace to use for this Chia deployment
+                type: string
               sidecars:
                 description: Sidecars allows defining a list of containers and volumes
                   that will share the kubernetes Pod alongside a Chia container

config/crd/bases/k8s.chia.net_chiatimelords.yaml

@@ -5515,6 +5515,10 @@ spec:
                         type: string
                     type: object
                 type: object
+              serviceAccountName:
+                description: ServiceAccountName is an optional name of a Service Account
+                  in the target namespace to use for this Chia deployment
+                type: string
               sidecars:
                 description: Sidecars allows defining a list of containers and volumes
                   that will share the kubernetes Pod alongside a Chia container

config/crd/bases/k8s.chia.net_chiawallets.yaml

@@ -5473,6 +5473,10 @@ spec:
                         type: string
                     type: object
                 type: object
+              serviceAccountName:
+                description: ServiceAccountName is an optional name of a Service Account
+                  in the target namespace to use for this Chia deployment
+                type: string
               sidecars:
                 description: Sidecars allows defining a list of containers and volumes
                   that will share the kubernetes Pod alongside a Chia container

docs/all.md

@@ -200,3 +200,12 @@ If you need to specify your image pull policy for container images:
 spec:
   imagePullPolicy: "IfNotPresent"
 ```
+
+## Specify a Service Account
+
+If you need to specify an existing ServiceAccount for your chia deployments, you can do so. This assumes the ServiceAccount already exists in the same namespace as this Chia resource, it won't create one for you.
+
+```yaml
+spec:
+  serviceAccountName: "my-service-account"
+```

internal/controller/chiacrawler/assemblers.go

@@ -261,6 +261,10 @@ func assembleDeployment(crawler k8schianetv1.ChiaCrawler, fullNodePort int32, ne
 		},
 	}
 
+	if crawler.Spec.ServiceAccountName != nil && *crawler.Spec.ServiceAccountName != "" {
+		deploy.Spec.Template.Spec.ServiceAccountName = *crawler.Spec.ServiceAccountName
+	}
+
 	chiaContainer, err := assembleChiaContainer(crawler, fullNodePort, networkData)
 	if err != nil {
 		return appsv1.Deployment{}, err
@@ -298,7 +302,7 @@ func assembleDeployment(crawler k8schianetv1.ChiaCrawler, fullNodePort int32, ne
 		deploy.Spec.Template.Spec.SecurityContext = crawler.Spec.PodSecurityContext
 	}
 
-	// TODO add pod affinity, tolerations
+	// TODO add pod tolerations
 
 	return deploy, nil
 }

internal/controller/chiafarmer/assemblers.go

@@ -261,6 +261,10 @@ func assembleDeployment(farmer k8schianetv1.ChiaFarmer, networkData *map[string]
 		},
 	}
 
+	if farmer.Spec.ServiceAccountName != nil && *farmer.Spec.ServiceAccountName != "" {
+		deploy.Spec.Template.Spec.ServiceAccountName = *farmer.Spec.ServiceAccountName
+	}
+
 	chiaContainer, err := assembleChiaContainer(farmer, networkData)
 	if err != nil {
 		return appsv1.Deployment{}, err
@@ -298,7 +302,7 @@ func assembleDeployment(farmer k8schianetv1.ChiaFarmer, networkData *map[string]
 		deploy.Spec.Template.Spec.SecurityContext = farmer.Spec.PodSecurityContext
 	}
 
-	// TODO add pod affinity, tolerations
+	// TODO add pod tolerations
 
 	return deploy, nil
 }

internal/controller/chiaharvester/assemblers.go

@@ -261,6 +261,10 @@ func assembleDeployment(harvester k8schianetv1.ChiaHarvester, networkData *map[s
 		},
 	}
 
+	if harvester.Spec.ServiceAccountName != nil && *harvester.Spec.ServiceAccountName != "" {
+		deploy.Spec.Template.Spec.ServiceAccountName = *harvester.Spec.ServiceAccountName
+	}
+
 	chiaContainer, err := assembleChiaContainer(harvester, networkData)
 	if err != nil {
 		return appsv1.Deployment{}, err
@@ -298,7 +302,7 @@ func assembleDeployment(harvester k8schianetv1.ChiaHarvester, networkData *map[s
 		deploy.Spec.Template.Spec.SecurityContext = harvester.Spec.PodSecurityContext
 	}
 
-	// TODO add pod affinity, tolerations
+	// TODO add pod tolerations
 
 	return deploy, nil
 }

internal/controller/chiaharvester/helpers.go

@@ -150,7 +150,7 @@ func getChiaEnv(harvester k8schianetv1.ChiaHarvester, networkData *map[string]st
 	})
 
 	// recursive_plot_scan env var -- needed because all plot drives are just mounted as subdirs under `/plots`.
-	// TODO make plot mount paths configurable -- make this var optional
+	// TODO should we make plot mount paths configurable -- making this var optional? Is there a major con to using the recursive plot scan feature?
 	env = append(env, corev1.EnvVar{
 		Name:  "recursive_plot_scan",
 		Value: "true",

internal/controller/chiaintroducer/assemblers.go

@@ -218,6 +218,10 @@ func assembleDeployment(introducer k8schianetv1.ChiaIntroducer, fullNodePort int
 		},
 	}
 
+	if introducer.Spec.ServiceAccountName != nil && *introducer.Spec.ServiceAccountName != "" {
+		deploy.Spec.Template.Spec.ServiceAccountName = *introducer.Spec.ServiceAccountName
+	}
+
 	chiaContainer, err := assembleChiaContainer(introducer, fullNodePort, networkData)
 	if err != nil {
 		return appsv1.Deployment{}, err
@@ -255,7 +259,7 @@ func assembleDeployment(introducer k8schianetv1.ChiaIntroducer, fullNodePort int
 		deploy.Spec.Template.Spec.SecurityContext = introducer.Spec.PodSecurityContext
 	}
 
-	// TODO add pod affinity, tolerations
+	// TODO add pod tolerations
 
 	return deploy, nil
 }

internal/controller/chianode/assemblers.go

@@ -281,7 +281,6 @@ func assembleStatefulset(ctx context.Context, node k8schianetv1.ChiaNode, fullNo
 					Annotations: node.Spec.AdditionalMetadata.Annotations,
 				},
 				Spec: corev1.PodSpec{
-					// TODO add: serviceAccountName config
 					Affinity:     node.Spec.Affinity,
 					NodeSelector: node.Spec.NodeSelector,
 					Volumes:      vols,
@@ -291,6 +290,10 @@ func assembleStatefulset(ctx context.Context, node k8schianetv1.ChiaNode, fullNo
 		},
 	}
 
+	if node.Spec.ServiceAccountName != nil && *node.Spec.ServiceAccountName != "" {
+		stateful.Spec.Template.Spec.ServiceAccountName = *node.Spec.ServiceAccountName
+	}
+
 	chiaContainer, err := assembleChiaContainer(ctx, node, fullNodePort, networkData)
 	if err != nil {
 		return appsv1.StatefulSet{}, err
@@ -331,7 +334,7 @@ func assembleStatefulset(ctx context.Context, node k8schianetv1.ChiaNode, fullNo
 		stateful.Spec.Template.Spec.SecurityContext = node.Spec.PodSecurityContext
 	}
 
-	// TODO add pod affinity, tolerations
+	// TODO add pod tolerations
 
 	return stateful, nil
 }

internal/controller/chiaseeder/assemblers.go

@@ -320,6 +320,10 @@ func assembleDeployment(seeder k8schianetv1.ChiaSeeder, fullNodePort int32, netw
 		},
 	}
 
+	if seeder.Spec.ServiceAccountName != nil && *seeder.Spec.ServiceAccountName != "" {
+		deploy.Spec.Template.Spec.ServiceAccountName = *seeder.Spec.ServiceAccountName
+	}
+
 	chiaContainer, err := assembleChiaContainer(seeder, fullNodePort, networkData)
 	if err != nil {
 		return appsv1.Deployment{}, err
@@ -359,7 +363,7 @@ func assembleDeployment(seeder k8schianetv1.ChiaSeeder, fullNodePort int32, netw
 		deploy.Spec.Template.Spec.SecurityContext = seeder.Spec.PodSecurityContext
 	}
 
-	// TODO add pod affinity, tolerations
+	// TODO add pod tolerations
 
 	return deploy, nil
 }

internal/controller/chiatimelord/assemblers.go

@@ -296,6 +296,10 @@ func assembleDeployment(tl k8schianetv1.ChiaTimelord, networkData *map[string]st
 		},
 	}
 
+	if tl.Spec.ServiceAccountName != nil && *tl.Spec.ServiceAccountName != "" {
+		deploy.Spec.Template.Spec.ServiceAccountName = *tl.Spec.ServiceAccountName
+	}
+
 	chiaContainer, err := assembleChiaContainer(tl, networkData)
 	if err != nil {
 		return appsv1.Deployment{}, err
@@ -336,7 +340,7 @@ func assembleDeployment(tl k8schianetv1.ChiaTimelord, networkData *map[string]st
 		deploy.Spec.Template.Spec.SecurityContext = tl.Spec.PodSecurityContext
 	}
 
-	// TODO add pod affinity, tolerations
+	// TODO add pod tolerations
 
 	return deploy, nil
 }

internal/controller/chiawallet/assemblers.go

@@ -261,6 +261,10 @@ func assembleDeployment(ctx context.Context, wallet k8schianetv1.ChiaWallet, net
 		},
 	}
 
+	if wallet.Spec.ServiceAccountName != nil && *wallet.Spec.ServiceAccountName != "" {
+		deploy.Spec.Template.Spec.ServiceAccountName = *wallet.Spec.ServiceAccountName
+	}
+
 	chiaContainer, err := assembleChiaContainer(ctx, wallet, networkData)
 	if err != nil {
 		return appsv1.Deployment{}, err
@@ -298,7 +302,7 @@ func assembleDeployment(ctx context.Context, wallet k8schianetv1.ChiaWallet, net
 		deploy.Spec.Template.Spec.SecurityContext = wallet.Spec.PodSecurityContext
 	}
 
-	// TODO add pod affinity, tolerations
+	// TODO add pod tolerations
 
 	return deploy, nil
 }

internal/controller/suite_test.go

@@ -57,7 +57,7 @@ func TestAPIs(t *testing.T) {
 var _ = BeforeSuite(func() {
 	logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true)))
 
-	ctx, cancel = context.WithCancel(context.TODO())
+	ctx, cancel = context.WithCancel(context.Background())
 
 	By("bootstrapping test environment")
 	testEnv = &envtest.Environment{