From 42a92e9b3d99e53ef730e68aee92c61f35aa7fd9 Mon Sep 17 00:00:00 2001
From: Daniel Jiang
Date: Tue, 21 Feb 2023 18:20:38 +0800
Subject: [PATCH] Do not create the rolebinding if user customize the service account

Signed-off-by: Daniel Jiang
---
 pkg/cmd/cli/install/install.go | 3 ++-
 pkg/install/resources.go | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/pkg/cmd/cli/install/install.go b/pkg/cmd/cli/install/install.go
index e9e9f713c..e8dbd9be7 100644
--- a/pkg/cmd/cli/install/install.go
+++ b/pkg/cmd/cli/install/install.go
@@ -94,7 +94,8 @@ func (o *InstallOptions) BindFlags(flags *pflag.FlagSet) {
 flags.Var(&o.PodAnnotations, "pod-annotations", "Annotations to add to the Velero and node agent pods. Optional. Format is key1=value1,key2=value2")
 flags.Var(&o.PodLabels, "pod-labels", "Labels to add to the Velero and node agent pods. Optional. Format is key1=value1,key2=value2")
 flags.Var(&o.ServiceAccountAnnotations, "sa-annotations", "Annotations to add to the Velero ServiceAccount. Add iam.gke.io/gcp-service-account=[GSA_NAME]@[PROJECT_NAME].iam.gserviceaccount.com for workload identity. Optional. Format is key1=value1,key2=value2")
- flags.StringVar(&o.ServiceAccountName, "service-account-name", o.ServiceAccountName, "ServiceAccountName to be set to the Velero and node agent pods, it should be created before the installation. Optional, if this attribute is set, the default service account 'velero' will not be created, and the flag --sa-annotations will be disregarded.")
+ flags.StringVar(&o.ServiceAccountName, "service-account-name", o.ServiceAccountName, "ServiceAccountName to be set to the Velero and node agent pods, it should be created before the installation, and the user also needs to create the rolebinding for it."+
+ " Optional, if this attribute is set, the default service account 'velero' will not be created, and the flag --sa-annotations will be disregarded.")
 flags.StringVar(&o.VeleroPodCPURequest, "velero-pod-cpu-request", o.VeleroPodCPURequest, `CPU request for Velero pod. A value of "0" is treated as unbounded. Optional.`)
 flags.StringVar(&o.VeleroPodMemRequest, "velero-pod-mem-request", o.VeleroPodMemRequest, `Memory request for Velero pod. A value of "0" is treated as unbounded. Optional.`)
 flags.StringVar(&o.VeleroPodCPULimit, "velero-pod-cpu-limit", o.VeleroPodCPULimit, `CPU limit for Velero pod. A value of "0" is treated as unbounded. Optional.`)
diff --git a/pkg/install/resources.go b/pkg/install/resources.go
index 2078c9882..11a0a5fdb 100644
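Review bot: The added help text for `--service-account-name` tells the user to create "the rolebinding", but the object the installer stops creating in the pkg/install/resources.go hunk is a ClusterRoleBinding. A reader could create a namespaced RoleBinding instead and end up with a service account that lacks the access a default install would have had. Naming the kind removes the ambiguity: `"... it should be created before the installation, and the user also needs to create the ClusterRoleBinding for it."+`. The visible text also never says which role the binding should reference, so the flag description or the install docs should state it. BindFlags starts and ends outside this hunk.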
--- a/pkg/install/resources.go
+++ b/pkg/install/resources.go
@@ -259,10 +259,10 @@ func AllResources(o *VeleroOptions) *unstructured.UnstructuredList {
 ns := Namespace(o.Namespace)
 appendUnstructured(resources, ns)

- crb := ClusterRoleBinding(o.Namespace)
- appendUnstructured(resources, crb)
 serviceAccountName := defaultServiceAccountName
 if o.ServiceAccountName == "" {
+ crb := ClusterRoleBinding(o.Namespace)
+ appendUnstructured(resources, crb)
 sa := ServiceAccount(o.Namespace, o.ServiceAccountAnnotations)
 appendUnstructured(resources, sa)
 } else {
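Review bot: Nothing in the `if o.ServiceAccountName == ""` branch records why the ClusterRoleBinding moved inside it, and the installer gives no signal when the binding is skipped, so a missing binding would presumably surface only later as authorization failures in the pods. A comment above the `crb := ClusterRoleBinding(o.Namespace)` line, such as `// Bind only the service account this installer creates; a user-supplied account must come with its own binding.`, would keep a later refactor from hoisting the binding back out. A test that calls AllResources with ServiceAccountName set and asserts that the returned list holds no ClusterRoleBinding would pin the behaviour. Clusters installed before this change may still carry the old binding, which this code path does not remove. AllResources begins before the hunk and the `else` branch continues past it.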