From 659fe1e3cb469e4588ba29de22f0201a1ae8ecd7 Mon Sep 17 00:00:00 2001
From: KubeSphere CI Bot <47586280+ks-ci-bot@users.noreply.github.com>
Date: Tue, 3 Sep 2024 13:36:35 +0800
Subject: [PATCH] fix helm executor serviceaccount not created (#1948)
Co-authored-by: hongming
(cherry picked from commit 62749787093654c9d0b389ae70d7229ed1c45286)
---
 pkg/controller/core/installplan_controller.go | 28 +++++++++++++++----
 1 file changed, 23 insertions(+), 5 deletions(-)
diff --git a/pkg/controller/core/installplan_controller.go b/pkg/controller/core/installplan_controller.go
index ad860ddf4..b846cf8bd 100644
--- a/pkg/controller/core/installplan_controller.go
+++ b/pkg/controller/core/installplan_controller.go
@@ -711,12 +711,15 @@ func initTargetNamespace(ctx context.Context, client client.Client, namespace, e
 if err := createNamespaceIfNotExists(ctx, client, namespace, extensionName); err != nil {
 return fmt.Errorf("failed to create namespace: %v", err)
 }
- sa := rbacv1.Subject{
- Kind: rbacv1.ServiceAccountKind,
- Name: fmt.Sprintf("helm-executor.%s", extensionName),
- Namespace: namespace,
- }
 return retry.RetryOnConflict(retry.DefaultRetry, func() error {
+ sa := rbacv1.Subject{
+ Kind: rbacv1.ServiceAccountKind,
+ Name: fmt.Sprintf("helm-executor.%s", extensionName),
+ Namespace: namespace,
+ }
+ if err := createOrUpdateServiceAccount(ctx, client, extensionName, sa); err != nil {
+ return err
+ }
 if err := createOrUpdateRole(ctx, client, namespace, extensionName, role.Rules); err != nil {
 return err
 }
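Review bot: The `sa` subject literal depends on nothing that changes between attempts, so moving it inside the `retry.RetryOnConflict` closure only rebuilds the same value on every retry; it could stay above the closure, leaving the `createOrUpdateServiceAccount` call as the only addition. Since `createNamespaceIfNotExists` leaves an already existing namespace in place, the new call can also take over a ServiceAccount named `helm-executor.<extensionName>` that this controller did not create, and that account is presumably the subject of the bindings set up later in the closure, outside this hunk. A comment at the call stating the intent would help, for example `// the executor ServiceAccount must exist before the bindings reference it; an existing account with the same name is reused`.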
@@ -733,6 +736,21 @@ func initTargetNamespace(ctx context.Context, client client.Client, namespace, e
 })
 }
 
+func createOrUpdateServiceAccount(ctx context.Context, client client.Client, extensionName string, sa rbacv1.Subject) error {
+ serviceAccount := &corev1.ServiceAccount{ObjectMeta: metav1.ObjectMeta{Name: sa.Name, Namespace: sa.Namespace}}
+ op, err := controllerutil.CreateOrUpdate(ctx, client, serviceAccount, func() error {
+ serviceAccount.Labels = map[string]string{corev1alpha1.ExtensionReferenceLabel: extensionName}
+ return nil
+ })
+
+ if err != nil {
+ return err
+ }
+
+ klog.V(4).Infof("service account %s in namespace %s %s", serviceAccount.Name, serviceAccount.Namespace, op)
+ return nil
+}
+
 func createOrUpdateClusterRole(ctx context.Context, client client.Client, extensionName string, rules []rbacv1.PolicyRule) error {
 clusterRoleName := fmt.Sprintf(defaultClusterRoleFormat, extensionName)
 clusterRole := &rbacv1.ClusterRole{ObjectMeta: metav1.ObjectMeta{Name: clusterRoleName}}
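Review bot: The mutate function in `createOrUpdateServiceAccount` assigns a fresh map to `serviceAccount.Labels`, so when the ServiceAccount already exists, every other label on it is dropped by the update. Setting only the one key keeps foreign labels intact: `if serviceAccount.Labels == nil { serviceAccount.Labels = map[string]string{} }` followed by `serviceAccount.Labels[corev1alpha1.ExtensionReferenceLabel] = extensionName`. An existing account that carries a different `ExtensionReferenceLabel` value is also silently re-assigned to this extension; since this account is presumably what the extension's RBAC rules get bound to, rejecting or at least logging that case would make an unexpected takeover visible. The function has no doc comment; `// createOrUpdateServiceAccount ensures the ServiceAccount named by sa exists and carries the extension reference label.` would cover it.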