search

pulumi / pulumi-kubernetes-operator

A Kubernetes Operator that automates the deployment of Pulumi Stacks
Apache License 2.0
214 stars 54 forks source link

Support custom name for serviceAccount in helm chart #529

Closed kerruba-milkman closed 1 week ago

kerruba-milkman commented 7 months ago

Hello!

Issue details

Currently the helm chart uses the helper pulumi-kubernetes-operator.fullname to populate the service account name, but the values.yaml file provide a serviceAccount.name value that is only used if the serviceAccount.create is false.

Could make sense to use the serviceAccount.name field as .metadata.name in the ServiceAccount and fallback to the fullname only if the serviceAccount.name field is empty or missing.

Having to use the fullnameOverride value to override the name of the serviceAccount doesn't provide enought flexibility and it could be confusing having both serviceAccount.create = true and serviceAccount.name = "non-empty-string".

mjeffryes commented 7 months ago

Thanks for reporting this @kerruba-milkman, I'll add it to our backlog.

kerruba-milkman commented 1 month ago

Apparently, there's already an helper function to get the service account name that fallbacks to the fullname in case the serviceAccount.name value is not defined. Maybe it's just a matter of referencing it inside the sa.yaml template instead of the pulumi-kubernetes-operator.fullname function.

Here the update version: 

{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "pulumi-kubernetes-operator.serviceAccountName" . }}
  labels:
  {{- include "pulumi-kubernetes-operator.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
{{- end }}

EDIT: I just realized there's already an open PR for this change: https://github.com/pulumi/pulumi-kubernetes-operator/pull/530