kubesphere/config/ks-core/templates/serviceaccount.yaml

{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "ks-core.serviceAccountName" . }}
  namespace: kubesphere-system
  labels:
    {{- include "ks-core.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}

{{- if semverCompare ">=1.24.0-0" .Capabilities.KubeVersion.GitVersion }}
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "ks-core.serviceAccountTokenName" . }}
  labels:
    kubesphere.io/service-account-token: ""
    {{- include "ks-core.labels" . | nindent 4 }}
  {{- if .Values.serviceAccount.annotations }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
    kubernetes.io/service-account.name: {{ include "ks-core.serviceAccountName" . }}
    {{- end }}
  {{- else }}
  annotations:
    kubernetes.io/service-account.name: {{ include "ks-core.serviceAccountName" . }}
  {{- end }}
type: kubernetes.io/service-account-token
{{- end }}

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ include "ks-core.serviceAccountName" . }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: {{ include "ks-core.serviceAccountName" . }}
    namespace: kubesphere-system
{{- end }}