check if service account exists before uninstalling release

Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
fluxcd · Mar 2, 2023 · c29e381 · c29e381
1 parent 8d7b650
commit c29e381
Showing 1 changed file with 31 additions and 12 deletions.
diff --git a/controllers/helmrelease_controller.go b/controllers/helmrelease_controller.go
@@ -660,8 +660,11 @@ func (r *HelmReleaseReconciler) composeValues(ctx context.Context, hr v2.HelmRel
 
 // reconcileDelete deletes the v1beta2.HelmChart of the v2beta1.HelmRelease,
 // and uninstalls the Helm release if the resource has not been suspended.
+// It only performs a Helm uninstall if the ServiceAccount to be impersonated
+// exists.
 func (r *HelmReleaseReconciler) reconcileDelete(ctx context.Context, hr v2.HelmRelease) (ctrl.Result, error) {
  r.recordReadiness(ctx, hr)
+ log := ctrl.LoggerFrom(ctx)
 
  // Delete the HelmChart that belongs to this resource.
  if err := r.deleteHelmChart(ctx, &hr); err != nil {
@@ -670,19 +673,35 @@ func (r *HelmReleaseReconciler) reconcileDelete(ctx context.Context, hr v2.HelmR
 
  // Only uninstall the Helm Release if the resource is not suspended.
  if !hr.Spec.Suspend {
- getter, err := r.buildRESTClientGetter(ctx, hr)
- if err != nil {
- return ctrl.Result{}, err
- }
- run, err := runner.NewRunner(getter, hr.GetStorageNamespace(), ctrl.LoggerFrom(ctx))
- if err != nil {
- return ctrl.Result{}, err
- }
- if err := run.Uninstall(hr); err != nil && !errors.Is(err, driver.ErrReleaseNotFound) {
- return ctrl.Result{}, err
+ impersonator := runtimeClient.NewImpersonator(
+ r.Client,
+ r.StatusPoller,
+ r.PollingOpts,
+ hr.Spec.KubeConfig,
+ r.KubeConfigOpts,
+ kube.DefaultServiceAccountName,
+ hr.Spec.ServiceAccountName,
+ hr.GetNamespace(),
+ )
+
+ if impersonator.CanImpersonate(ctx) {
+ getter, err := r.buildRESTClientGetter(ctx, hr)
+ if err != nil {
+ return ctrl.Result{}, err
+ }
+ run, err := runner.NewRunner(getter, hr.GetStorageNamespace(), ctrl.LoggerFrom(ctx))
+ if err != nil {
+ return ctrl.Result{}, err
+ }
+ if err := run.Uninstall(hr); err != nil && !errors.Is(err, driver.ErrReleaseNotFound) {
+ return ctrl.Result{}, err
+ }
+ log.Info("uninstalled Helm release for deleted resource")
+ } else {
+ msg := "skipping Helm uninstall"
+ log.Error(fmt.Errorf("failed to find service account to impersonate"), msg)
+ r.event(ctx, hr, hr.Status.LastAppliedRevision, eventv1.EventSeverityError, msg)
  }
- ctrl.LoggerFrom(ctx).Info("uninstalled Helm release for deleted resource")
-
  } else {
  ctrl.LoggerFrom(ctx).Info("skipping Helm uninstall for suspended resource")
  }