From fa0a677aacf90d73514a813cb95c26b122fde5cd Mon Sep 17 00:00:00 2001 From: acmore Date: Wed, 17 Jun 2020 01:49:41 +0800 Subject: [PATCH] Customize service account name. (#8901) --- deploy/ray-operator/Makefile | 2 +- .../ray-operator/api/v1alpha1/raycluster_types.go | 3 +++ .../config/crd/bases/ray.io_rayclusters.yaml | 3 +++ deploy/ray-operator/controllers/common/pod.go | 15 ++++++++++++--- 4 files changed, 19 insertions(+), 4 deletions(-) diff --git a/deploy/ray-operator/Makefile b/deploy/ray-operator/Makefile index dbfc3d366..57db10a40 100644 --- a/deploy/ray-operator/Makefile +++ b/deploy/ray-operator/Makefile @@ -64,7 +64,7 @@ controller-gen: ifeq (, $(shell which controller-gen)) @{ \ set -e ;\ - CONTROLLER_GEN_TMP_DIR=$$(mktemp -d)" ;\ + CONTROLLER_GEN_TMP_DIR="$$(mktemp -d)" ;\ cd "$$CONTROLLER_GEN_TMP_DIR" ;\ go mod init tmp ;\ go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.2.2 ;\ diff --git a/deploy/ray-operator/api/v1alpha1/raycluster_types.go b/deploy/ray-operator/api/v1alpha1/raycluster_types.go index c04185f7d..dde1d26d4 100644 --- a/deploy/ray-operator/api/v1alpha1/raycluster_types.go +++ b/deploy/ray-operator/api/v1alpha1/raycluster_types.go @@ -98,6 +98,9 @@ type Extension struct { // but do not directly imply semantics to the core system. Labels can be used to organize and to select subsets of objects. Labels map[string]string `json:"labels,omitempty"` + // The service acccount name. + ServiceAccountName string `json:"serviceAccountName,omitempty"` + // NodeSelector specifies a map of key-value pairs. For the pod to be eligible // to run on a node, the node must have each of the indicated key-value pairs as // labels. Optional. diff --git a/deploy/ray-operator/config/crd/bases/ray.io_rayclusters.yaml b/deploy/ray-operator/config/crd/bases/ray.io_rayclusters.yaml index 679d11342..326e9a735 100644 --- a/deploy/ray-operator/config/crd/bases/ray.io_rayclusters.yaml +++ b/deploy/ray-operator/config/crd/bases/ray.io_rayclusters.yaml @@ -836,6 +836,9 @@ spec: to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object + serviceAccountName: + description: The service acccount name. + type: string tolerations: description: The pod this Toleration is attached to tolerates any taint that matches the triple using the diff --git a/deploy/ray-operator/controllers/common/pod.go b/deploy/ray-operator/controllers/common/pod.go index 02569c015..3bfa9faf5 100644 --- a/deploy/ray-operator/controllers/common/pod.go +++ b/deploy/ray-operator/controllers/common/pod.go @@ -1,10 +1,15 @@ package common import ( - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" rayiov1alpha1 "ray-operator/api/v1alpha1" "strings" + + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +const ( + defaultServiceAccountName = "default" ) type PodConfig struct { @@ -28,12 +33,16 @@ func BuildPod(conf *PodConfig) *corev1.Pod { // Build the containers for the pod (there is currently only one). containers := []corev1.Container{buildContainer(conf)} + serviceAccountName := defaultServiceAccountName + if len(conf.Extension.ServiceAccountName) > 0 { + serviceAccountName = conf.Extension.ServiceAccountName + } spec := corev1.PodSpec{ Volumes: conf.Extension.Volumes, Containers: containers, Affinity: conf.Extension.Affinity, Tolerations: conf.Extension.Tolerations, - ServiceAccountName: conf.RayCluster.Namespace, + ServiceAccountName: serviceAccountName, } pod := &corev1.Pod{