admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix helm executor serviceaccount not created (#1948)

Browse Source 
Co-authored-by: hongming <coder.scala@gmail.com>
(cherry picked from commit 6274978709)
This commit is contained in:
KubeSphere CI Bot
2024-09-03 13:36:35 +08:00
committed by hongming
parent b1a887fbb4
commit 659fe1e3cb
1 changed files with 23 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
pkg/controller/core/installplan_controller.go
View File

@@ -711,12 +711,15 @@ func initTargetNamespace(ctx context.Context, client client.Client, namespace, e
if err := createNamespaceIfNotExists(ctx, client, namespace, extensionName); err != nil { if err := createNamespaceIfNotExists(ctx, client, namespace, extensionName); err != nil {
return fmt.Errorf("failed to create namespace: %v", err) return fmt.Errorf("failed to create namespace: %v", err)
} }
sa := rbacv1.Subject{
Kind: rbacv1.ServiceAccountKind,
Name: fmt.Sprintf("helm-executor.%s", extensionName),
Namespace: namespace,
}
return retry.RetryOnConflict(retry.DefaultRetry, func() error { return retry.RetryOnConflict(retry.DefaultRetry, func() error {
sa := rbacv1.Subject{
Kind: rbacv1.ServiceAccountKind,
Name: fmt.Sprintf("helm-executor.%s", extensionName),
Namespace: namespace,
}
if err := createOrUpdateServiceAccount(ctx, client, extensionName, sa); err != nil {
return err
}
if err := createOrUpdateRole(ctx, client, namespace, extensionName, role.Rules); err != nil { if err := createOrUpdateRole(ctx, client, namespace, extensionName, role.Rules); err != nil {
return err return err
} }
@@ -733,6 +736,21 @@ func initTargetNamespace(ctx context.Context, client client.Client, namespace, e
}) })
} }
func createOrUpdateServiceAccount(ctx context.Context, client client.Client, extensionName string, sa rbacv1.Subject) error {
serviceAccount := &corev1.ServiceAccount{ObjectMeta: metav1.ObjectMeta{Name: sa.Name, Namespace: sa.Namespace}}
op, err := controllerutil.CreateOrUpdate(ctx, client, serviceAccount, func() error {
serviceAccount.Labels = map[string]string{corev1alpha1.ExtensionReferenceLabel: extensionName}
return nil
})
if err != nil {
return err
}
klog.V(4).Infof("service account %s in namespace %s %s", serviceAccount.Name, serviceAccount.Namespace, op)
return nil
}
func createOrUpdateClusterRole(ctx context.Context, client client.Client, extensionName string, rules []rbacv1.PolicyRule) error { func createOrUpdateClusterRole(ctx context.Context, client client.Client, extensionName string, rules []rbacv1.PolicyRule) error {
clusterRoleName := fmt.Sprintf(defaultClusterRoleFormat, extensionName) clusterRoleName := fmt.Sprintf(defaultClusterRoleFormat, extensionName)
clusterRole := &rbacv1.ClusterRole{ObjectMeta: metav1.ObjectMeta{Name: clusterRoleName}} clusterRole := &rbacv1.ClusterRole{ObjectMeta: metav1.ObjectMeta{Name: clusterRoleName}}