fix: create sa resource in control-plane with helm chart (#196)

* feat: use helm pre-install hooks to init serviceaccount in karmada control-plane

Signed-off-by: warjiang <1096409085@qq.com>

* feat: use helm post-delete hooks to clean resources

Signed-off-by: warjiang <1096409085@qq.com>

---------

Signed-off-by: warjiang <1096409085@qq.com>

charts/karmada-dashboard/templates/karmada-dashboard-clean-serviceaccount.yaml

@@ -0,0 +1,41 @@
+{{- $name := include "karmada-dashboard.name" . -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ $name }}-clean-serviceaccount
+  namespace: {{ include "karmada-dashboard.namespace" . }}
+  labels:
+      {{- include "karmada-dashboard.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-weight": "0"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+  template:
+    metadata:
+      name: {{ $name }}-clean-serviceaccount
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: clean-serviceaccount-job
+        image: "bitnami/kubectl:1.32.2"
+        command: ["/bin/bash", "-c"]
+        args:
+          - |
+            set +e
+            /opt/bitnami/kubectl/bin/kubectl --kubeconfig=/etc/kubeconfig delete -f /etc/config
+            set -e
+        volumeMounts:
+          - name: kubeconfig-secret
+            subPath: kubeconfig
+            mountPath: /etc/kubeconfig
+          - name: serviceaccount-configmap
+            subPath: serviceaccount
+            mountPath: /etc/config
+      volumes:
+        - name: kubeconfig-secret
+          secret:
+            secretName: {{ .Values.api.kubeconfigName }}
+        - name: serviceaccount-configmap
+          configMap:
+            name: {{ $name }}-serviceaccount-configmap

charts/karmada-dashboard/templates/karmada-dashboard-init-serviceaccount.yaml

@@ -0,0 +1,39 @@
+{{- $name := include "karmada-dashboard.name" . -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ $name }}-init-serviceaccount
+  namespace: {{ include "karmada-dashboard.namespace" . }}
+  labels:
+      {{- include "karmada-dashboard.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": post-install
+    "helm.sh/hook-weight": "0"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+  template:
+    metadata:
+      name: {{ $name }}-init-serviceaccount
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: init-serviceaccount-job
+        image: "bitnami/kubectl:1.32.2"
+        command: [ "/bin/bash", "-c" ]
+        args:
+          - |
+            /opt/bitnami/kubectl/bin/kubectl --kubeconfig=/etc/kubeconfig apply -f /etc/config
+        volumeMounts:
+          - name: kubeconfig-secret
+            subPath: kubeconfig
+            mountPath: /etc/kubeconfig
+          - name: serviceaccount-configmap
+            subPath: serviceaccount
+            mountPath: /etc/config
+      volumes:
+        - name: kubeconfig-secret
+          secret:
+            secretName: {{ .Values.api.kubeconfigName }}
+        - name: serviceaccount-configmap
+          configMap:
+            name: {{ $name }}-serviceaccount-configmap

charts/karmada-dashboard/templates/karmada-dashboard-serviceaccount-configmap.yaml

@@ -0,0 +1,42 @@
+{{- $name := include "karmada-dashboard.name" . -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ $name }}-serviceaccount-configmap
+  namespace: {{ include "karmada-dashboard.namespace" . }}
+data:
+  serviceaccount: |
+    kind: ClusterRoleBinding
+    apiVersion: rbac.authorization.k8s.io/v1
+    metadata:
+      name: karmada-dashboard
+      annotations:
+        rbac.authorization.kubernetes.io/autoupdate: "true"
+    roleRef:
+      kind: ClusterRole
+      name: cluster-admin
+      apiGroup: rbac.authorization.k8s.io
+    subjects:
+      - kind: ServiceAccount
+        name: karmada-dashboard
+        namespace: {{ include "karmada-dashboard.namespace" . }}
+
+    ---
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+      name: karmada-dashboard
+      namespace: {{ include "karmada-dashboard.namespace" . }}
+      labels:
+        kubernetes.io/cluster-service: "true"
+        addonmanager.kubernetes.io/mode: Reconcile
+
+    ---
+    apiVersion: v1
+    kind: Secret
+    metadata:
+      name: karmada-dashboard-secret
+      namespace: {{ include "karmada-dashboard.namespace" . }}
+      annotations:
+        kubernetes.io/service-account.name: karmada-dashboard
+    type: kubernetes.io/service-account-token