def ensure_service_account(api: client.CoreV1Api, account, name, namespace):
if len(
api.list_namespaced_service_account(
namespace=namespace,
field_selector=f'metadata.name={name}').items) == 0:
logger.info(f'creating ServiceAccount: {name}')
api.create_namespaced_service_account(namespace=namespace,
body=account)
else:
logger.info(f'ServiceAccount exists: {name}')
def create_service_account(v1: CoreV1Api, namespace, body) -> None:
"""
Create a ServiceAccount based on a dict.
:param v1: CoreV1Api
:param namespace: namespace name
:param body: a dict
:return:
"""
print("Create a SA:")
v1.create_namespaced_service_account(namespace, body)
print(f"Service account created with name '{body['metadata']['name']}'")
def create_service_account(v1: CoreV1Api, namespace, body) -> None:
"""
Create a ServiceAccount based on a dict.
:param v1: CoreV1Api
:param namespace: namespace name
:param body: a dict
:return:
"""
print("Create a SA:")
v1.create_namespaced_service_account(namespace, body)
print(f"Service account created with name '{body['metadata']['name']}'")
def create_sa(api: client.CoreV1Api, configmap: Resource,
cro_spec: ResourceChunk, ns: str, name_suffix: str,
logger: logging.Logger):
sa_name = cro_spec.get("serviceaccount", {}).get("name")
if not sa_name:
tpl = yaml.safe_load(configmap.data['chaostoolkit-sa.yaml'])
sa_name = tpl["metadata"]["name"]
sa_name = f"{sa_name}-{name_suffix}"
tpl["metadata"]["name"] = sa_name
set_ns(tpl, ns)
try:
api.create_namespaced_service_account(body=tpl, namespace=ns)
return tpl
except ApiException as e:
if e.status == 409:
logger.info(f"Service account '{sa_name}' already exists.")
else:
raise kopf.PermanentError(
f"Failed to create service account: {str(e)}")
