app/services/clusters/gcp/services_account_service.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

# frozen_string_literal: true

module Clusters
  module Gcp
    class ServicesAccountService
      attr_reader :kube_client, :cluster

      def initialize(kube_client, cluster)
        @kube_client = kube_client
        @cluster = cluster
      end

      def execute
        create_service_account
        create_namespaced_service_account
      end

      private

      def create_namespaced_service_account
        return unless cluster.platform_kubernetes_rbac?

        namespace_name = cluster.platform_kubernetes.actual_namespace

        ensure_namespace_exists(namespace_name)
        create_service_account(namespace: namespace_name, rbac: true)
      end

      def ensure_namespace_exists(namespace_name)
        Gitlab::Kubernetes::Namespace.new(namespace_name, kube_client).ensure_exists!
      end

      def create_service_account(namespace: 'default', rbac: false)
        Clusters::Gcp::Kubernetes::CreateServiceAccountService.new(
          kube_client,
          name: cluster.platform_kubernetes.service_account_name,
          namespace: namespace,
          rbac: rbac
        ).execute
      end
    end
  end
end