fix helm executor serviceaccount not created (#1948)
Co-authored-by: hongming <coder.scala@gmail.com>
(cherry picked from commit 6274978709)
This commit is contained in:
KubeSphere CI Bot
committed by
hongming
hongming
parent
b1a887fbb4
commit
659fe1e3cb
@@ -711,12 +711,15 @@ func initTargetNamespace(ctx context.Context, client client.Client, namespace, e
|
||||
if err := createNamespaceIfNotExists(ctx, client, namespace, extensionName); err != nil {
|
||||
return fmt.Errorf("failed to create namespace: %v", err)
|
||||
}
|
||||
sa := rbacv1.Subject{
|
||||
Kind: rbacv1.ServiceAccountKind,
|
||||
Name: fmt.Sprintf("helm-executor.%s", extensionName),
|
||||
Namespace: namespace,
|
||||
}
|
||||
return retry.RetryOnConflict(retry.DefaultRetry, func() error {
|
||||
sa := rbacv1.Subject{
|
||||
Kind: rbacv1.ServiceAccountKind,
|
||||
Name: fmt.Sprintf("helm-executor.%s", extensionName),
|
||||
Namespace: namespace,
|
||||
}
|
||||
if err := createOrUpdateServiceAccount(ctx, client, extensionName, sa); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := createOrUpdateRole(ctx, client, namespace, extensionName, role.Rules); err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -733,6 +736,21 @@ func initTargetNamespace(ctx context.Context, client client.Client, namespace, e
|
||||
})
|
||||
}
|
||||
|
||||
func createOrUpdateServiceAccount(ctx context.Context, client client.Client, extensionName string, sa rbacv1.Subject) error {
|
||||
serviceAccount := &corev1.ServiceAccount{ObjectMeta: metav1.ObjectMeta{Name: sa.Name, Namespace: sa.Namespace}}
|
||||
op, err := controllerutil.CreateOrUpdate(ctx, client, serviceAccount, func() error {
|
||||
serviceAccount.Labels = map[string]string{corev1alpha1.ExtensionReferenceLabel: extensionName}
|
||||
return nil
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
klog.V(4).Infof("service account %s in namespace %s %s", serviceAccount.Name, serviceAccount.Namespace, op)
|
||||
return nil
|
||||
}
|
||||
|
||||
func createOrUpdateClusterRole(ctx context.Context, client client.Client, extensionName string, rules []rbacv1.PolicyRule) error {
|
||||
clusterRoleName := fmt.Sprintf(defaultClusterRoleFormat, extensionName)
|
||||
clusterRole := &rbacv1.ClusterRole{ObjectMeta: metav1.ObjectMeta{Name: clusterRoleName}}
|
||||
|
||||
Reference in New Issue
Block a user