1 files changed, 51 insertions, 0 deletions

diff --git a/app/services/clusters/gcp/kubernetes/create_service_account_service.rb b/app/services/clusters/gcp/kubernetes/create_service_account_service.rb
new file mode 100644
index 00000000000..d17744591e6
--- /dev/null
+++ b/app/services/clusters/gcp/kubernetes/create_service_account_service.rb
@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module Clusters
+  module Gcp
+    module Kubernetes
+      class CreateServiceAccountService
+        attr_reader :kubeclient, :rbac
+
+        def initialize(kubeclient, rbac:)
+          @kubeclient = kubeclient
+          @rbac = rbac
+        end
+
+        def execute
+          kubeclient.create_service_account(service_account_resource)
+          kubeclient.create_secret(service_account_token_resource)
+          kubeclient.create_cluster_role_binding(cluster_role_binding_resource) if rbac
+        end
+
+        private
+
+        def service_account_resource
+          Gitlab::Kubernetes::ServiceAccount.new(service_account_name, service_account_namespace).generate
+        end
+
+        def service_account_token_resource
+          Gitlab::Kubernetes::ServiceAccountToken.new(
+            SERVICE_ACCOUNT_TOKEN_NAME, service_account_name, service_account_namespace).generate
+        end
+
+        def cluster_role_binding_resource
+          subjects = [{ kind: 'ServiceAccount', name: service_account_name, namespace: service_account_namespace }]
+
+          Gitlab::Kubernetes::ClusterRoleBinding.new(
+            CLUSTER_ROLE_BINDING_NAME,
+            CLUSTER_ROLE_NAME,
+            subjects
+          ).generate
+        end
+
+        def service_account_name
+          SERVICE_ACCOUNT_NAME
+        end
+
+        def service_account_namespace
+          SERVICE_ACCOUNT_NAMESPACE
+        end
+      end
+    end
+  end
+end