From 5f9ee0b5e39dade1cdbd13978368ceb66e166f23 Mon Sep 17 00:00:00 2001
From: divolgin <dmitriy@replicated.com>
Date: Tue, 15 Oct 2024 14:17:21 -0700
Subject: [PATCH] Use cluster role for the SDK deployment when running in EC

---
 pkg/upstream/helm.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkg/upstream/helm.go b/pkg/upstream/helm.go
index 76f74721cd..3703cdfc4c 100644
--- a/pkg/upstream/helm.go
+++ b/pkg/upstream/helm.go
@@ -16,6 +16,7 @@ import (
 	"github.com/pkg/errors"
 	"github.com/replicatedhq/kots/pkg/kotsutil"
 	"github.com/replicatedhq/kots/pkg/upstream/types"
+	"github.com/replicatedhq/kots/pkg/util"
 	"gopkg.in/yaml.v3"
 )
 
@@ -282,6 +283,11 @@ func buildReplicatedValues(u *types.Upstream, options types.WriteOptions) (map[s
 		replicatedValues["privateCAConfigmap"] = options.PrivateCAsConfigmap
 	}
 
+	// In EC installs, use the existing kotsadm ServiceAccount that gets bound to a cluster role.
+	if util.IsEmbeddedCluster() {
+		replicatedValues["serviceAccountName"] = "kotsadm"
+	}
+
 	replicatedValues["extraEnv"] = []struct {
 		Name  string `yaml:"name"`
 		Value string `yaml:"value"`