(namespace string)
| 615 | } |
| 616 | |
| 617 | func (c *Controller) createRoleBindings(namespace string) error { |
| 618 | |
| 619 | podServiceAccountName := c.opConfig.PodServiceAccountName |
| 620 | podServiceAccountRoleBindingName := c.PodServiceAccountRoleBinding.Name |
| 621 | |
| 622 | _, err := c.KubeClient.RoleBindings(namespace).Get(context.TODO(), podServiceAccountRoleBindingName, metav1.GetOptions{}) |
| 623 | if k8sutil.ResourceNotFound(err) { |
| 624 | |
| 625 | c.logger.Infof("Creating the role binding %q in the %q namespace", podServiceAccountRoleBindingName, namespace) |
| 626 | |
| 627 | // get a separate copy of role binding |
| 628 | // to prevent a race condition when setting a namespace for many clusters |
| 629 | rb := *c.PodServiceAccountRoleBinding |
| 630 | _, err = c.KubeClient.RoleBindings(namespace).Create(context.TODO(), &rb, metav1.CreateOptions{}) |
| 631 | if err != nil { |
| 632 | return fmt.Errorf("cannot bind the pod service account %q defined in the configuration to the cluster role in the %q namespace: %v", podServiceAccountName, namespace, err) |
| 633 | } |
| 634 | |
| 635 | c.logger.Infof("successfully deployed the role binding for the pod service account %q to the %q namespace", podServiceAccountName, namespace) |
| 636 | |
| 637 | } else if k8sutil.ResourceAlreadyExists(err) { |
| 638 | return nil |
| 639 | } |
| 640 | |
| 641 | return err |
| 642 | } |
no test coverage detected