JetBrains / datalore-configs

MIT License

Custom service account name is not used in role binding #29

Closed nicoring closed 1 year ago

nicoring commented 1 year ago

Hey! When setting a custom service account name with:

serviceAccount:
  name: "infra-datalore-dev"

The datalore logs show lots of these errors:

11:18:33.896 WARN  [Datalore EDT Manager] j.d.n.s.c.a.i.i.k.KubernetesInstanceManager - Exception during creating k8s agent: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"pods is forbidden: User \"system:serviceaccount:infra-datalore:infra-datalore-dev\" cannot create resource \"pods\" in API group \"\" in the namespace \"infra-datalore\"","reason":"Forbidden","details":{"kind":"pods"},"code":403}

Which I think is based on using datalore.fullname instead of datalore.serviceAccountName in line 14 in charts/datalore/templates/rolebinding.yaml:

{{- if .Values.serviceAccount.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ include "datalore.fullname" . }}
  labels:
    {{- include "datalore.labels" . | nindent 4 }}
roleRef:
  kind: Role
  name: {{ include "datalore.fullname" . }}
  apiGroup: ""
subjects:
  - kind: ServiceAccount
    name: {{ include "datalore.fullname" . }}
{{- end }}

When setting the custom service account name to the same as datalore.fullname the errors go away and everything works fine.

alexandrvb commented 1 year ago

Hello @nicoring, thank you for pointing that out! We've fixed it in the main branch. The fix will also be included in the next release.
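A check for the mismatch reported in this issue, as an added example that is not code from the datalore-configs repository: it scans rendered Kubernetes objects for workloads whose service account is not the subject of any RoleBinding. The JSON sample is constructed; the namespace and account name come from the log line in the report, while the release fullname `infra-datalore` and the StatefulSet workload kind are assumptions.

```python
import json

# Constructed sample: objects a chart render could produce when
# serviceAccount.name is "infra-datalore-dev" and the release fullname is
# assumed to be "infra-datalore" (manifests converted to a JSON List).
RENDERED = json.loads('''
{"kind": "List", "items": [
 {"kind": "ServiceAccount", "metadata": {"name": "infra-datalore-dev", "namespace": "infra-datalore"}},
 {"kind": "StatefulSet", "metadata": {"name": "infra-datalore", "namespace": "infra-datalore"},
  "spec": {"template": {"spec": {"serviceAccountName": "infra-datalore-dev"}}}},
 {"kind": "RoleBinding", "metadata": {"name": "infra-datalore", "namespace": "infra-datalore"},
  "roleRef": {"kind": "Role", "name": "infra-datalore", "apiGroup": ""},
  "subjects": [{"kind": "ServiceAccount", "name": "infra-datalore"}]}
]}
''')

def bound_service_accounts(items):
    """Return (namespace, name) for every ServiceAccount named as a RoleBinding subject."""
    bound = set()
    for obj in items:
        if obj.get("kind") != "RoleBinding":
            continue
        ns = obj["metadata"].get("namespace", "default")
        for subject in obj.get("subjects") or []:
            if subject.get("kind") == "ServiceAccount":
                # Assumption of this sketch: a subject without a namespace means the binding's namespace.
                bound.add((subject.get("namespace", ns), subject["name"]))
    return bound

def unbound_workload_accounts(items):
    """List (kind, name, namespace, serviceAccount) for workloads whose account has no RoleBinding."""
    bound = bound_service_accounts(items)
    findings = []
    for obj in items:
        pod_spec = obj.get("spec", {}).get("template", {}).get("spec")
        if not pod_spec:
            continue  # not a workload with a pod template
        ns = obj["metadata"].get("namespace", "default")
        sa = pod_spec.get("serviceAccountName", "default")
        if (ns, sa) not in bound:
            findings.append((obj["kind"], obj["metadata"]["name"], ns, sa))
    return findings

if __name__ == "__main__":
    for kind, name, ns, sa in unbound_workload_accounts(RENDERED["items"]):
        print(f"{kind}/{name}: system:serviceaccount:{ns}:{sa} has no RoleBinding")
```

The check only looks at RoleBindings, so a workload that needs no API access or is covered by a ClusterRoleBinding is also reported and has to be triaged by hand.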