Use cluster role for the SDK deployment when running in EC

replicatedhq · Oct 15, 2024 · 643f35d · 643f35d
1 parent d20730a
commit 643f35d
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/pkg/upstream/helm.go b/pkg/upstream/helm.go
@@ -14,6 +14,8 @@ import (
 	"strings"
 
 	"github.com/pkg/errors"
+	"github.com/replicatedhq/kots/pkg/k8sutil"
+	"github.com/replicatedhq/kots/pkg/kotsadm"
 	"github.com/replicatedhq/kots/pkg/kotsutil"
 	"github.com/replicatedhq/kots/pkg/upstream/types"
 	"gopkg.in/yaml.v3"
@@ -282,6 +284,17 @@ func buildReplicatedValues(u *types.Upstream, options types.WriteOptions) (map[s
 		replicatedValues["privateCAConfigmap"] = options.PrivateCAsConfigmap
 	}
 
+	clientset, err := k8sutil.GetClientset()
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to get k8s clientset")
+	}
+
+	// In EC installs use the existing kotsadm service account that gets bound to a cluster role.
+	kotsadmMetadata := kotsadm.GetMetadata(clientset)
+	if kotsadmMetadata.IsEmbeddedCluster {
+		replicatedValues["serviceAccountName"] = "kotsadm"
+	}
+
 	replicatedValues["extraEnv"] = []struct {
 		Name  string `yaml:"name"`
 		Value string `yaml:"value"`