{{- if and .Values.serviceAccount.create ( not .Values.metering.awsMarketplace ) }} kind: ServiceAccount apiVersion: v1 metadata: {{- if .Values.secrets.awsIamRole }} annotations: eks.amazonaws.com/role-arn: {{ .Values.secrets.awsIamRole }} {{- end }} {{- if eq (include "check.azureFederatedIdentity" .) "true" }} annotations: azure.workload.identity/client-id: {{ .Values.secrets.azureClientId | quote }} {{- end }} labels: {{ include "helm.labels" . | indent 4 }} name: {{ template "serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }} {{- if and (not ( eq (include "meteringServiceAccountName" .) (include "serviceAccountName" .))) ( not .Values.metering.awsManagedLicense ) .Values.metering.serviceAccount.create }} --- kind: ServiceAccount apiVersion: v1 metadata: {{- if .Values.metering.awsMarketPlaceIamRole }} annotations: eks.amazonaws.com/role-arn: {{ .Values.metering.awsMarketPlaceIamRole }} {{- end }} labels: {{ include "helm.labels" . | indent 4 }} name: {{ template "meteringServiceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }} {{- if and (.Values.auth.openshift.enabled) (not .Values.auth.openshift.serviceAccount) }} {{- if or (.Values.auth.openshift.clientSecret) (.Values.auth.openshift.clientSecretName) }} {{ fail "auth.openshift.serviceAccount is required when auth.openshift.clientSecret or auth.openshift.clientSecretName is used "}} {{- end }} --- kind: ServiceAccount apiVersion: v1 metadata: name: {{ include "k10.dexServiceAccountName" . }} namespace: {{ .Release.Namespace }} annotations: {{- $dashboardURL := (trimSuffix "/" (required "auth.openshift.dashboardURL field is required" .Values.auth.openshift.dashboardURL)) -}} {{- if (not (hasSuffix .Release.Name $dashboardURL)) }} {{ fail "auth.openshift.dashboardURL should end with the K10's release name" }} {{- end }} serviceaccounts.openshift.io/oauth-redirecturi.dex: {{ printf "%s/dex/callback" $dashboardURL }} {{- end }}