public async Task <k8s.Models.V1ServiceAccount> EnsureServiceAccountExists(KubernetesEndpointManifest clusterInfo)
{
clusterInfo.ServiceAccount.Spec.Metadata.NamespaceProperty = clusterInfo.Namespace.Metadata.Name;
clusterInfo.ServiceAccount.Role.Metadata.NamespaceProperty = clusterInfo.Namespace.Metadata.Name;
clusterInfo.ServiceAccount.Binding.Metadata.NamespaceProperty = clusterInfo.Namespace.Metadata.Name;
using var operation = Logger.BeginOperation($"Preparing Kubernetes service account '{clusterInfo.ServiceAccount.Spec.Metadata.Name}' ...", "Ensure-K8S-ServiceAccount");
foreach (var item in clusterInfo.ServiceAccount.Binding.Subjects)
{
item.NamespaceProperty = clusterInfo.Namespace.Metadata.Name;
}
var found = await GetSaFromNamespace(clusterInfo);
if (found == null)
{
_ = await k8s.CreateNamespacedServiceAccountAsync(clusterInfo.ServiceAccount.Spec,
clusterInfo.Namespace.Metadata.Name);
operation.EndWithSuccess("SA Created");
}
else
{
using var op = Logger.BeginOperation($"Updating Kubernetes service account '{clusterInfo.ServiceAccount.Spec.Metadata.Name}' ...", "Update-K8S-SA");
_ = await k8s.ReplaceNamespacedServiceAccountAsync(clusterInfo.ServiceAccount.Spec,
clusterInfo.ServiceAccount.Spec.Metadata.Name,
clusterInfo.Namespace.Metadata.Name);
operation.EndWithSuccess("SA Updated");
}
await EnsureRoleExistsAsync(clusterInfo);
await EnsureRoleBindingExistsAsync(clusterInfo);
// You need to reload this - so the secrets are also poplulated
return(await GetSaFromNamespace(clusterInfo));
}