Fresh install of Trident protect missing ServiceAccount trident-protect-controller-manager

[hy-tomas-terala]

Describe the bug

Using ArgoCD to install trident-protect to a new cluster. The install gets stuck in the Job trident-protect-pre-upgrade-hook with the error message:

Error creating: pods "trident-protect-pre-upgrade-hook-" is forbidden: error looking up service account trident-protect/trident-protect-controller-manager: serviceaccount "trident-protect-controller-manager" not found

Environment

Environment:

• Trident version: [26.02.0]
• Kubernetes orchestrator: [OpenShift 4.21.14, Kubernetes version: v1.34.6]
• Kubernetes enabled feature gates: [-]
• OS: [COREOS]
• NetApp backend types: [ONTAP NAS]
• Other: trident installed using openshift Operator catalog

To Reproduce
Create a namespace called trident-protect without any trident-protect ServiceAccounts already there and apply the following ArgoCD yaml to the cluster, which should install the chart:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: trident-protect-helm
  namespace: redact
spec:
  project: redact
  source:
    chart: trident-protect
    repoURL: https://netapp.github.io/trident-protect-helm-chart
    targetRevision: 100.2602.0
    helm:
      releaseName: trident-protect
      valuesObject:
        clusterName: redact
  destination:
    server: "https://kubernetes.default.svc"
    namespace: trident-protect
  syncPolicy:
    automated:
      selfHeal: true
    syncOptions:
    - ServerSideApply=true

Expected behavior
Expecting trident-protect to install like the docs describe. So fix would be for the ServiceAccount trident-protect-controller-manager to be applied at the beginning.

Additional context
After applying the ServiceAccount with just a name, the Pod gets created and install proceeds. I used the flag --server-side=true for my kubectl apply command, but should work either way

kind: ServiceAccount
apiVersion: v1
metadata:
  name: trident-protect-controller-manager
  namespace: trident-protect