feat: restore sa

2025-10-21 22:39:36 +08:00 · 2023-02-16 21:01:55 +08:00
parent 674d4aeefe
commit 589f57afb0
4 changed files with 37 additions and 1 deletions
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -33,6 +33,9 @@ const (
 	// env name
 	EnvTunNameOrLUID   = "TunNameOrLUID"
 	EnvInboundPodTunIP = "InboundPodTunIP"
+
+	// annotation
+	AnnoServiceAccountName = "service_account_name_backup_by_kubevpn"
 )

 var (
--- a/pkg/handler/envoy.go
+++ b/pkg/handler/envoy.go
@@ -88,6 +88,11 @@ func InjectVPNAndEnvoySidecar(ctx1 context.Context, factory cmdutil.Factory, cli
 			Path:  "/metadata/annotations/probe",
 			Value: b,
 		},
+		{
+			Op:    "replace",
+			Path:  "/metadata/annotations/" + config.AnnoServiceAccountName,
+			Value: origin.Spec.ServiceAccountName,
+		},
 	}
 	var bytes []byte
 	bytes, err = json.Marshal(append(ps, removePatch...))
@@ -131,6 +136,15 @@ func UnPatchContainer(factory cmdutil.Factory, mapInterface v12.ConfigMapInterfa
 	}

 	if empty {
+		var anno map[string]string
+		anno, err = util.GetAnnotation(factory, namespace, workloads)
+		if err != nil {
+			return err
+		}
+		if v, ok := anno[config.AnnoServiceAccountName]; ok {
+			templateSpec.Spec.ServiceAccountName = v
+		}
+
 		mesh.RemoveContainers(templateSpec)
 		helper := pkgresource.NewHelper(object.Client, object.Mapping)
 		var bytes []byte
@@ -151,6 +165,9 @@ func UnPatchContainer(factory cmdutil.Factory, mapInterface v12.ConfigMapInterfa
 			return err
 		}
 		_, err = helper.Patch(object.Namespace, object.Name, types.JSONPatchType, bytes, &metav1.PatchOptions{})
+		if err != nil {
+			return err
+		}
 	}
 	return err
 }
--- a/pkg/mesh/controller.go
+++ b/pkg/mesh/controller.go
@@ -19,7 +19,6 @@ func RemoveContainers(spec *v1.PodTemplateSpec) {
 			i--
 		}
 	}
-	spec.Spec.ServiceAccountName = ""
 }

 func AddMeshContainer(spec *v1.PodTemplateSpec, ns, nodeId string, c util.PodRouteConfig) {
--- a/pkg/util/util.go
+++ b/pkg/util/util.go
@@ -39,6 +39,7 @@ import (
 	watchtools "k8s.io/client-go/tools/watch"
 	"k8s.io/client-go/transport/spdy"
 	"k8s.io/kubectl/pkg/cmd/exec"
+	"k8s.io/kubectl/pkg/cmd/util"
 	cmdutil "k8s.io/kubectl/pkg/cmd/util"
 	"k8s.io/kubectl/pkg/polymorphichelpers"

@@ -480,3 +481,19 @@ func IsPortListening(port int) bool {
 		return false
 	}
 }
+
+func GetAnnotation(f util.Factory, ns string, resources string) (map[string]string, error) {
+	ownerReference, err := GetTopOwnerReference(f, ns, resources)
+	if err != nil {
+		return nil, err
+	}
+	u, ok := ownerReference.Object.(*unstructured.Unstructured)
+	if !ok {
+		return nil, fmt.Errorf("can not convert to unstaructed")
+	}
+	annotations := u.GetAnnotations()
+	if annotations == nil {
+		annotations = map[string]string{}
+	}
+	return annotations, nil
+}