In this environment VIP AuthHub is deployed on Openshift Cluster 4.14.
Customer has restriction to deploy ServiceAccounts, Role and RoleBinding resources but after setting the variable
--set ssp.global.existingDataseedSATokenSecret=<serviceAccountToken's secret name>
in the deployment command it works fine.
When customer try to execute helm uninstall ssp-dev --debug, below error message is observed
client.go:486: [debug] Starting delete for "ssp-dev-ssp-services-actuator-prometheus" ServiceMonitor
client.go:486: [debug] Starting delete for "ssp-dev-ssp-services-metrics" ServiceMonitor
uninstall.go:124: [debug] uninstall: Failed to delete release: [serviceaccounts "ssp-hazelcast" is forbidden: User "<Username>" cannot delete resource "serviceaccounts" in API group "" in the namespace "<NameSpace>"]
Error: failed to delete release: ssp-dev
helm.go:84: [debug] failed to delete release: ssp-dev
helm.sh/helm/v3/pkg/action.(*Uninstall).Run
helm.sh/helm/v3/pkg/action/uninstall.go:125
It looks like that the uninstall try to delete the service account ssp-hazelcast which is was created manually. The uninstall should not try to delete what is created manually.
VIP Authentication Hub 3.2.1
To overcome the issue, it is recommended to include hazelcast-enterprise.serviceAccount.create=false when deploying the chart:
hazelcast-enterprise:
serviceAccount:
# Specifies whether a ServiceAccount should be created
create: false