Skip to content

Commit 2ebb55e

Browse files
이해수박지원F
authored andcommitted
[Internal] K8s Optimizer ServiceAccount 설정 지원
EKS Pod Identity / IRSA를 위한 serviceAccount 속성 추가. podTemplate 미사용 시 Deployment spec에 serviceAccountName 설정 가능. Signed-off-by: 박지원F <jiwonpark@tossinvest.com>
1 parent 586f1f2 commit 2ebb55e

2 files changed

Lines changed: 9 additions & 2 deletions

File tree

amoro-ams/src/main/java/org/apache/amoro/server/manager/KubernetesOptimizerContainer.java

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,7 @@ public class KubernetesOptimizerContainer extends AbstractOptimizerContainer {
6868
public static final String PODTEMPLATE = "podTemplate";
6969
public static final String PULL_SECRETS = "imagePullSecrets";
7070
public static final String KUBE_CONFIG_PATH = "kube-config-path";
71+
public static final String SERVICE_ACCOUNT = "serviceAccount";
7172

7273
private static final String NAME_PREFIX = "amoro-optimizer-";
7374

@@ -138,6 +139,7 @@ protected Map<String, String> doScaleOut(Resource resource) {
138139
memory,
139140
imagePullSecretsList);
140141
} else {
142+
String serviceAccount = groupProperties.get(SERVICE_ACCOUNT);
141143
deployment =
142144
initPodTemplateWithoutConfig(
143145
image,
@@ -147,7 +149,8 @@ protected Map<String, String> doScaleOut(Resource resource) {
147149
resourceId,
148150
startUpArgs,
149151
memory,
150-
imagePullSecretsList);
152+
imagePullSecretsList,
153+
serviceAccount);
151154
}
152155

153156
client.apps().deployments().inNamespace(namespace).resource(deployment).create();
@@ -218,7 +221,8 @@ public Deployment initPodTemplateWithoutConfig(
218221
String resourceId,
219222
String startUpArgs,
220223
long memory,
221-
List<LocalObjectReference> imagePullSecretsList) {
224+
List<LocalObjectReference> imagePullSecretsList,
225+
String serviceAccount) {
222226

223227
DeploymentBuilder deploymentBuilder =
224228
new DeploymentBuilder()
@@ -234,6 +238,7 @@ public Deployment initPodTemplateWithoutConfig(
234238
.addToLabels("AmoroResourceId", resourceId)
235239
.endMetadata()
236240
.withNewSpec()
241+
.withServiceAccountName(serviceAccount)
237242
.addNewContainer()
238243
.withName("optimizer")
239244
.withImage(image)

charts/amoro/values.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -284,6 +284,8 @@ optimizer:
284284
#kube-config-path: "~/.kube/config"
285285
image: "apache/amoro:latest"
286286
pullPolicy: "IfNotPresent"
287+
# serviceAccount name for optimizer pods (required for EKS Pod Identity / IRSA)
288+
#serviceAccount: "amoro-optimizer-sa"
287289
extra: []
288290

289291
## Configure the plugin that allows you to access the metric reporters and event listeners.

0 commit comments

Comments
 (0)