rancher-partner-charts/charts/kasten/k10/7.0.501/templates/serviceaccount.yaml

{{- if and .Values.serviceAccount.create ( not .Values.metering.awsMarketplace ) }}
kind: ServiceAccount
apiVersion: v1
metadata:
{{- if .Values.secrets.awsIamRole }}
  annotations:
    eks.amazonaws.com/role-arn: {{ .Values.secrets.awsIamRole }}
{{- end }}
  labels:
{{ include "helm.labels" . | indent 4 }}
  name: {{ template "serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
{{- end }}
{{- if and (not ( eq (include "meteringServiceAccountName" .) (include "serviceAccountName" .))) ( not .Values.metering.awsManagedLicense ) .Values.metering.serviceAccount.create }}
---
kind: ServiceAccount
apiVersion: v1
metadata:
{{- if .Values.metering.awsMarketPlaceIamRole }}
  annotations:
    eks.amazonaws.com/role-arn: {{ .Values.metering.awsMarketPlaceIamRole }}
{{- end }}
  labels:
{{ include "helm.labels" . | indent 4 }}
  name: {{ template "meteringServiceAccountName" . }}
  namespace: {{ .Release.Namespace }}
{{- end }}
{{- if and (.Values.auth.openshift.enabled) (not .Values.auth.openshift.serviceAccount) }}
{{- if or (.Values.auth.openshift.clientSecret) (.Values.auth.openshift.clientSecretName) }}
  {{ fail "auth.openshift.serviceAccount is required when auth.openshift.clientSecret or auth.openshift.clientSecretName is used "}}
{{- end }}
---
kind: ServiceAccount
apiVersion: v1
metadata:
  name: {{ include "k10.dexServiceAccountName" . }}
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- $dashboardURL := (trimSuffix "/" (required "auth.openshift.dashboardURL field is required" .Values.auth.openshift.dashboardURL)) -}}
    {{- if (not (hasSuffix .Release.Name $dashboardURL)) }}
      {{ fail "auth.openshift.dashboardURL should end with the K10's release name" }}
    {{- end }}
    serviceaccounts.openshift.io/oauth-redirecturi.dex: {{ printf "%s/dex/callback" $dashboardURL }}
{{- end }}