Documentation
¶
Overview ¶
Copyright 2021 IBM Corporation
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index ¶
- Constants
- Variables
- func CommonWebUIConfigMap(namespace string) *corev1.ConfigMap
- func ContainsString(strs []string, search string) bool
- func CopyMap(m map[string]interface{}) map[string]interface{}
- func DeleteConfigMap(ctx context.Context, client client.Client, name string, namespace string) error
- func DeleteGenericResource(ctx context.Context, name string, namespace string, group string, ...) error
- func DeleteIngress(ctx context.Context, client client.Client, ingressName string, ...) error
- func GetCurrentServiceStatus(ctx context.Context, k8sClient client.Client, instance *v1alpha1.CommonWebUI, ...) (status v1alpha1.ServiceStatus)
- func GetDesiredRoute(client client.Client, instance *operatorsv1alpha1.CommonWebUI, name string, ...) (*route.Route, error)
- func GetImageID(imageRegistry, imageName, defaultImageVersion, imagePostfix, envVarName string) string
- func GetResourceLimitsWithDefault(valueStr string, defaultValue int64) int64
- func GetResourceMemoryWithDefault(valueStr string, defaultValue int64) int64
- func GetStringWithDefault(str, defaultStr string) string
- func IsCertificateEqual(oldCertificate, newCertificate *certmgr.Certificate) bool
- func IsDeploymentEqual(oldDeployment, newDeployment *appsv1.Deployment) bool
- func IsIngressEqual(oldIngress, newIngress *netv1.Ingress) bool
- func IsRoleBindingEqual(oldRoleBinding, newRoleBinding *rbacv1.RoleBinding) bool
- func IsRoleEqual(oldRole, newRole *rbacv1.Role) bool
- func IsRouteEqual(oldRoute, newRoute *route.Route) bool
- func IsServiceAccountEqual(oldSA, newSA *corev1.ServiceAccount) bool
- func IsServiceEqual(oldService, newService *corev1.Service) bool
- func LabelsForMetadata(name string) map[string]string
- func LabelsForPodMetadata(name string, crType string, crName string) map[string]string
- func LabelsForSelector(name string, crType string, crName string) map[string]string
- func MergeMap(in map[string]string, mergeMap map[string]string) map[string]string
- func PreserveKeyValue(key string, src, dest map[string]string)
- func ReconcileAPIIngress(ctx context.Context, client client.Client, ...) error
- func ReconcileAdminHubNavConfig(ctx context.Context, client client.Client, ...) error
- func ReconcileCallbackIngress(ctx context.Context, client client.Client, ...) error
- func ReconcileCertificates(ctx context.Context, client client.Client, ...) error
- func ReconcileCommonUIConfigConfigMap(ctx context.Context, client client.Client, ...) error
- func ReconcileDeployment(ctx context.Context, client client.Client, ...) error
- func ReconcileLog4jsConfigMap(ctx context.Context, client client.Client, ...) error
- func ReconcileNavIngress(ctx context.Context, client client.Client, ...) error
- func ReconcileRemoveIngresses(ctx context.Context, client client.Client, ...)
- func ReconcileRole(ctx context.Context, client client.Client, ...) error
- func ReconcileRoleBinding(ctx context.Context, client client.Client, ...) error
- func ReconcileRoute(ctx context.Context, client client.Client, ...) error
- func ReconcileRoutes(ctx context.Context, client client.Client, ...) error
- func ReconcileService(ctx context.Context, client client.Client, ...) error
- func ReconcileServiceAccount(ctx context.Context, client client.Client, ...) error
- func RemoveString(strs []string, search string) []string
- func ZenFrontDoorEnabled(ctx context.Context, crclient client.Client, namespace string) bool
- type CertificateData
Constants ¶
const APIIngressName = "common-web-ui-api"
const CallbackIngressName = "common-web-ui-callback"
const CertRestartLabel = "certmanager.k8s.io/time-restarted"
const Certv1alpha1APIVersion = "certmanager.k8s.io/v1alpha1"
const ClusterCaVolumeName = "cluster-ca"
const ClusterInfoConfigVolumeName = "ibmcloud-cluster-info"
const ClusterInfoConfigmapName = "ibmcloud-cluster-info"
const CnRouteName = "cp-console"
const CnRoutePath = "/"
const CommonConfigMapName = "common-web-ui-config"
const CommonWebUICRType = "commonwebuiservice_cr"
const ConsoleRouteName = "cp-console"
const DaemonSetName = "common-web-ui"
const DefaultClusterIssuer = "cs-ca-issuer"
const DefaultImageName = "common-web-ui"
const DefaultImageRegistry = "icr.io/cpopen/cpfs"
const DefaultImageTag = "1.2.1"
const DefaultNamespace = "ibm-common-services"
const DeploymentName = "common-web-ui"
const IAMAuthDataVolumeName = "iamadata"
const IAMDataVolumeName = "iamdata"
const InternalTLSVolumeName = "internal-tls"
const Log4jsConfigMapName = "common-web-ui-log4js"
const Log4jsVolumeName = "log4js"
const LoginConfirmationButton string = "login-confirmation-button"
const LoginConfirmationText string = "login-confirmation-text"
const LoginConfirmationTitle string = "login-confirmation-title"
const NSSAnnotation = "nss.ibm.com/namespaceList"
const NotReady = "NotReady"
const OperandRoleBindingName = "ibm-commonui-operand"
const OperandRoleName = "ibm-commonui-operand"
const PlatformAuthIdpConfigVolumeName = "platform-auth-idp"
const PlatformAuthIdpConfigmapName = "platform-auth-idp"
const Ready = "Ready"
const ReleaseName = "common-web-ui"
const ServiceAccountName = "ibm-commonui-operand"
const ServiceName = "common-web-ui"
const UICertCommonName = "common-web-ui"
const UICertName = "common-web-ui-ca-cert"
const UICertSecretName = "common-web-ui-cert" + ""
const UICertVolumeName = "common-web-ui-certs"
const Unknown = "Unknown"
const WebUIConfigVolumeName = "common-web-ui-config"
const ZenCardExtensionsConfigMapName = "common-web-ui-zen-card-extensions"
const ZenProductInfoConfigVolumeName = "product-configmap"
Variables ¶
var APIIngressAnnotations = map[string]string{
"kubernetes.io/ingress.class": "ibm-icp-management",
"icp.management.ibm.com/secure-backends": "true",
"icp.management.ibm.com/configuration-snippet": `
add_header 'X-XSS-Protection' '1' always;
port_in_redirect off;`,
}
nolint
var ArchitectureList = []string{
"amd64",
"ppc64le",
"s390x",
}
var CallbackIngressAnnotations = map[string]string{
"kubernetes.io/ingress.class": "ibm-icp-management",
"icp.management.ibm.com/upstream-uri": "/auth/liberty/callback",
"icp.management.ibm.com/secure-backends": "true",
}
var ClusterCaVolume = corev1.Volume{ Name: ClusterCaVolumeName, VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: "cs-ca-certificate-secret", Items: []corev1.KeyToPath{ { Key: "tls.key", Path: "ca.key", }, { Key: "tls.crt", Path: "ca.crt", }, }, Optional: &TrueVar, DefaultMode: &DefaultVolumeMode, }, }, }
var ClusterInfoConfigVolume = corev1.Volume{ Name: ClusterInfoConfigVolumeName, VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ LocalObjectReference: corev1.LocalObjectReference{ Name: "ibmcloud-cluster-info", }, Optional: &TrueVar, DefaultMode: &DefaultVolumeMode, }, }, }
var CnAnnotations = map[string]string{
"haproxy.router.openshift.io/timeout": "90s",
"haproxy.router.openshift.io/pod-concurrent-connections": "100",
"haproxy.router.openshift.io/rate-limit-connections": "true",
"haproxy.router.openshift.io/rate-limit-connections.concurrent-tcp": "100",
"haproxy.router.openshift.io/rate-limit-connections.rate-http": "100",
"haproxy.router.openshift.io/rate-limit-connections.rate-tcp": "100",
}
var CommonContainer = corev1.Container{ Image: "common-web-ui", Name: "common-web-ui", ImagePullPolicy: corev1.PullIfNotPresent, Resources: corev1.ResourceRequirements{ Limits: map[corev1.ResourceName]resource.Quantity{ corev1.ResourceCPU: *cpu300, corev1.ResourceMemory: *memory256, }, Requests: map[corev1.ResourceName]resource.Quantity{ corev1.ResourceCPU: *cpu300, corev1.ResourceMemory: *memory256, corev1.ResourceEphemeralStorage: *memory251, }, }, SecurityContext: &commonSecurityContext, ReadinessProbe: &corev1.Probe{ ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/readinessProbe", Port: intstr.IntOrString{ Type: intstr.Int, IntVal: 3000, }, Scheme: corev1.URISchemeHTTPS, }, }, InitialDelaySeconds: 30, TimeoutSeconds: 15, PeriodSeconds: 10, SuccessThreshold: 1, FailureThreshold: 3, }, LivenessProbe: &corev1.Probe{ ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/livenessProbe", Port: intstr.IntOrString{ Type: intstr.Int, IntVal: 3000, }, Scheme: corev1.URISchemeHTTPS, }, }, InitialDelaySeconds: 30, TimeoutSeconds: 5, PeriodSeconds: 30, SuccessThreshold: 1, FailureThreshold: 3, }, Env: []corev1.EnvVar{ { Name: "contextPath", Value: "/common-nav", }, { Name: "cfcRouterUrl", Value: "https://icp-management-ingress:443", }, { Name: "NODE_EXTRA_CA_CERTS", Value: " /opt/ibm/platform-header/certs/ca.crt", }, { Name: "PLATFORM_IDENTITY_PROVIDER_URL", Value: "https://platform-identity-provider:4300", }, { Name: "PLATFORM_AUTH_SERVICE_URL", Value: "https://platform-auth-service:9443", }, { Name: "NAV_PORT", Value: "8443", }, { Name: "CLOUDPAK_VERSION", Value: "1.0.0", }, { Name: "CLUSTER_NAME", Value: "mycluster", }, { Name: "defaultAuth", Value: "", }, { Name: "enterpriseLDAP", Value: "", }, { Name: "enterpriseSAML", Value: "", }, { Name: "osAuth", Value: "", }, { Name: "SESSION_POLLING_INTERVAL", Value: "300", }, { Name: "PREFERRED_LOGIN", Value: "deprecated", }, { Name: "ROKS_ENABLED", Value: "deprecated", }, { Name: "USE_HTTPS", Value: "true", }, { Name: "UI_SSL_CA", Value: "/certs/common-web-ui/ca.crt", }, { Name: "UI_SSL_CERT", Value: "/certs/common-web-ui/tls.crt", }, { Name: "UI_SSL_KEY", Value: "/certs/common-web-ui/tls.key", }, { Name: "LANDING_PAGE", Value: "", }, { Name: "WATCH_NAMESPACE", Value: "", }, { Name: "POD_NAMESPACE", ValueFrom: &corev1.EnvVarSource{ FieldRef: &corev1.ObjectFieldSelector{ APIVersion: "v1", FieldPath: "metadata.namespace", }, }, }, { Name: "USE_ZEN", Value: "false", }, { Name: "APP_VERSION", Value: "", }, { Name: "CLUSTER_TYPE", Value: "unknown", }, { Name: "OSAUTH_ENABLED", Value: "deprecated", }, { Name: "INSTANA_AGENT_HOST", ValueFrom: &corev1.EnvVarSource{ FieldRef: &corev1.ObjectFieldSelector{ APIVersion: "v1", FieldPath: "status.hostIP", }, }, }, { Name: "INSTANA_AGENT_ENABLED", Value: "false", }, }, }
var CommonVolumeMounts = []corev1.VolumeMount{ { Name: Log4jsVolumeName, MountPath: "/etc/config", }, { Name: ClusterCaVolumeName, MountPath: "/opt/ibm/platform-header/certs", }, { Name: UICertVolumeName, MountPath: "/certs/common-web-ui", }, { Name: InternalTLSVolumeName, MountPath: "/etc/internal-tls", }, { Name: IAMDataVolumeName, MountPath: "/etc/iamdata", }, { Name: IAMAuthDataVolumeName, MountPath: "/etc/iamadata", }, { Name: WebUIConfigVolumeName, MountPath: "/etc/config/common-web-ui-config", }, { Name: ClusterInfoConfigVolumeName, MountPath: "/etc/config/ibmcloud-cluster-info", }, { Name: PlatformAuthIdpConfigVolumeName, MountPath: "/etc/config/platform-auth-idp", }, { Name: ZenProductInfoConfigVolumeName, MountPath: "/etc/config/product-configmap", }, }
var DefaultStatusForCR = []string{"none"}
var DefaultVolumeMode int32 = 420
var DeploymentAnnotations = map[string]string{
"scheduler.alpha.kubernetes.io/critical-pod": "",
"productName": "IBM Cloud Platform Common Services",
"productID": "068a62892a1e4db39641342e592daa25",
"productMetric": "FREE",
}
var FalseVar = false
var IAMAuthDataVolume = corev1.Volume{ Name: IAMAuthDataVolumeName, VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: "platform-auth-idp-credentials", Items: []corev1.KeyToPath{ { Key: "admin_username", Path: "aun", }, }, Optional: &TrueVar, DefaultMode: &DefaultVolumeMode, }, }, }
var IAMDataVolume = corev1.Volume{ Name: IAMDataVolumeName, VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: "platform-oidc-credentials", Items: []corev1.KeyToPath{ { Key: "WLP_CLIENT_SECRET", Path: "wlpcs", }, { Key: "WLP_CLIENT_ID", Path: "wlpcid", }, { Key: "OAUTH2_CLIENT_REGISTRATION_SECRET", Path: "oa2crs", }, }, Optional: &TrueVar, DefaultMode: &DefaultVolumeMode, }, }, }
var InternalTLSVolume = corev1.Volume{ Name: InternalTLSVolumeName, VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: "internal-tls", Items: []corev1.KeyToPath{ { Key: "tls.key", Path: "ca.key", }, { Key: "ca.crt", Path: "ca.crt", }, }, Optional: &TrueVar, DefaultMode: &DefaultVolumeMode, }, }, }
var Log4jsConfigMapData = map[string]string{
"log4js.json": ` {
"appenders": {
"console": {
"type": "console",
"layout": {
"type": "pattern",
"pattern": "[%d] [%p] [webui-nav] [%c] %m"
}
}
},
"categories": {
"default": { "appenders": ["console"], "level": "info" },
"request": { "appenders": ["console"], "level": "error" },
"socket.io": { "appenders": ["console"], "level": "error" },
"status": { "appenders": ["console"], "level": "info" },
"watcher": { "appenders": ["console"], "level": "debug" },
"service-watcher": { "appenders": ["console"], "level": "error" },
"session-poller": { "appenders": ["console"], "level": "error" },
"service-discovery": { "appenders": ["console"], "level": "info" },
"service-account": { "appenders": ["console"], "level": "info" },
"version": { "appenders": ["console"], "level": "error" },
"user-mgmt-client": { "appenders": ["console"], "level": "error" },
"oidc-client": { "appenders": ["console"], "level": "error" },
"server": { "appenders": ["console"], "level": "info" },
"auth": { "appenders": ["console"], "level": "error" },
"logout": { "appenders": ["console"], "level": "error" },
"app": { "appenders": ["console"], "level": "error" },
"userMgmt": { "appenders": ["console"], "level": "error" },
"catalog-client": { "appenders": ["console"], "level": "error" },
"template": { "appenders": ["console"], "level": "error" }
}
}`,
}
var Log4jsVolume = corev1.Volume{ Name: Log4jsVolumeName, VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ LocalObjectReference: corev1.LocalObjectReference{ Name: "common-web-ui-log4js", }, Items: []corev1.KeyToPath{ { Key: "log4js.json", Path: "log4js.json", }, }, Optional: &TrueVar, DefaultMode: &DefaultVolumeMode, }, }, }
"kubernetes.io/ingress.class": "ibm-icp-management",
"icp.management.ibm.com/auth-type": "access-token",
"icp.management.ibm.com/secure-backends": "true",
"icp.management.ibm.com/app-root": "/common-nav?root=true",
"icp.management.ibm.com/configuration-snippet": `
add_header 'X-XSS-Protection' '1' always;`,
}var PlatformAuthIdpConfigVolume = corev1.Volume{ Name: PlatformAuthIdpConfigVolumeName, VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ LocalObjectReference: corev1.LocalObjectReference{ Name: "platform-auth-idp", }, Optional: &TrueVar, DefaultMode: &DefaultVolumeMode, }, }, }
var Seconds60 int64 = 60
var TrueVar = true
var UICertVolume = corev1.Volume{ Name: UICertVolumeName, VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: UICertSecretName, Optional: &TrueVar, DefaultMode: &DefaultVolumeMode, }, }, }
var UICertificateData = CertificateData{ Name: UICertName, Secret: UICertSecretName, Common: UICertCommonName, App: "common-web-ui", Component: "common-web-ui", }
var WebUIConfigVolume = corev1.Volume{ Name: WebUIConfigVolumeName, VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ LocalObjectReference: corev1.LocalObjectReference{ Name: "common-web-ui-config", }, Optional: &TrueVar, DefaultMode: &DefaultVolumeMode, }, }, }
var ZenProductInfoConfigVolume = corev1.Volume{ Name: ZenProductInfoConfigVolumeName, VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ LocalObjectReference: corev1.LocalObjectReference{ Name: "product-configmap", }, Optional: &TrueVar, DefaultMode: &DefaultVolumeMode, }, }, }
Functions ¶
func CommonWebUIConfigMap ¶
func ContainsString ¶
func DeleteConfigMap ¶
func DeleteGenericResource ¶
func DeleteIngress ¶
func GetCurrentServiceStatus ¶
func GetCurrentServiceStatus(ctx context.Context, k8sClient client.Client, instance *v1alpha1.CommonWebUI, isCncf bool) (status v1alpha1.ServiceStatus)
func GetDesiredRoute ¶
func GetImageID ¶
func GetImageID(imageRegistry, imageName, defaultImageVersion, imagePostfix, envVarName string) string
Constructs image IDs for operands: either <IMAGE_NAME>:<IMAGE_TAG> or <IMAGE_NAME>@<IMAGE_SHA>
func GetResourceLimitsWithDefault ¶
Returns the int64 representation of a resource string if properly formatted. Otherwise, returns the given default value.
func GetResourceMemoryWithDefault ¶
Returns the int64 representation of a resource string if properly formatted. Otherwise, returns the given default value.
func GetStringWithDefault ¶
Returns the given string if is not empty. Otherwise, returns default string.
func IsCertificateEqual ¶
func IsCertificateEqual(oldCertificate, newCertificate *certmgr.Certificate) bool
Use DeepEqual to determine if 2 certificates are equal. Check ObjectMeta and Spec. If there are any differences, return false. Otherwise, return true.
func IsDeploymentEqual ¶
func IsDeploymentEqual(oldDeployment, newDeployment *appsv1.Deployment) bool
Use DeepEqual to determine if 2 deployments are equal. Check labels, replicas, pod template labels, service account names, volumes, containers, init containers, image name, volume mounts, env vars, liveness, readiness. If there are any differences, return false. Otherwise, return true. oldDeployment is the deployment that is currently running. newDeployment is what we expect the deployment to look like.
func IsIngressEqual ¶
Use DeepEqual to determine if 2 ingresses are equal. Check ObjectMeta and Spec. If there are any differences, return false. Otherwise, return true.
func IsRoleBindingEqual ¶
func IsRoleBindingEqual(oldRoleBinding, newRoleBinding *rbacv1.RoleBinding) bool
Use DeepEqual to determine if 2 role bindings are equal. Check metadata, labels, subjects, and role ref. If there are any differences, return false. Otherwise, return true.
func IsRoleEqual ¶
Use DeepEqual to determine if 2 roles are equal. Check metadata, labels, and rules. If there are any differences, return false. Otherwise, return true.
func IsRouteEqual ¶
Use DeepEqual to determine if 2 routes are equal. Check annotations and Spec. If there are any differences, return false. Otherwise, return true.
func IsServiceAccountEqual ¶
func IsServiceAccountEqual(oldSA, newSA *corev1.ServiceAccount) bool
Use DeepEqual to determine if 2 service accounts are equal. Check metadata. If there are any differences, return false. Otherwise, return true.
func IsServiceEqual ¶
Use DeepEqual to determine if 2 services are equal. Check ObjectMeta, Ports and Selector. If there are any differences, return false. Otherwise, return true.
func LabelsForMetadata ¶
Returns the labels associated with the resource being created
func LabelsForPodMetadata ¶
Returns the labels associated with the Pod being created
func LabelsForSelector ¶
Returns the labels for selecting the resources belonging to the given CR
func PreserveKeyValue ¶
func ReconcileAPIIngress ¶
func ReconcileAPIIngress(ctx context.Context, client client.Client, instance *operatorsv1alpha1.CommonWebUI, isCncf bool, needToRequeue *bool) error
func ReconcileAdminHubNavConfig ¶
func ReconcileAdminHubNavConfig(ctx context.Context, client client.Client, instance *operatorsv1alpha1.CommonWebUI) error
func ReconcileCallbackIngress ¶
func ReconcileCallbackIngress(ctx context.Context, client client.Client, instance *operatorsv1alpha1.CommonWebUI, needToRequeue *bool) error
func ReconcileCertificates ¶
func ReconcileCertificates(ctx context.Context, client client.Client, instance *operatorsv1alpha1.CommonWebUI, needToRequeue *bool) error
func ReconcileCommonUIConfigConfigMap ¶
func ReconcileCommonUIConfigConfigMap(ctx context.Context, client client.Client, instance *operatorsv1alpha1.CommonWebUI, needToRequeue *bool) error
func ReconcileDeployment ¶
func ReconcileDeployment(ctx context.Context, client client.Client, instance *operatorsv1alpha1.CommonWebUI, isZen bool, isCncf bool, needToRequeue *bool) error
nolint
func ReconcileLog4jsConfigMap ¶
func ReconcileLog4jsConfigMap(ctx context.Context, client client.Client, instance *operatorsv1alpha1.CommonWebUI, needToRequeue *bool) error
func ReconcileNavIngress ¶
func ReconcileNavIngress(ctx context.Context, client client.Client, instance *operatorsv1alpha1.CommonWebUI, needToRequeue *bool) error
func ReconcileRemoveIngresses ¶
func ReconcileRemoveIngresses(ctx context.Context, client client.Client, instance *operatorsv1alpha1.CommonWebUI, needToRequeue *bool)
func ReconcileRole ¶
func ReconcileRole(ctx context.Context, client client.Client, instance *operatorsv1alpha1.CommonWebUI, needToRequeue *bool) error
func ReconcileRoleBinding ¶
func ReconcileRoleBinding(ctx context.Context, client client.Client, instance *operatorsv1alpha1.CommonWebUI, needToRequeue *bool) error
func ReconcileRoute ¶
func ReconcileRoutes ¶
func ReconcileRoutes(ctx context.Context, client client.Client, instance *operatorsv1alpha1.CommonWebUI, needToRequeue *bool) error
func ReconcileService ¶
func ReconcileService(ctx context.Context, client client.Client, instance *operatorsv1alpha1.CommonWebUI, needToRequeue *bool) error
func ReconcileServiceAccount ¶
func ReconcileServiceAccount(ctx context.Context, client client.Client, instance *operatorsv1alpha1.CommonWebUI, needToRequeue *bool) error