Merge pull request crossplane#5870 from rpolansky/service-account-creation

phisco · web-flow · commit cfa169335dec · 2024-12-02T11:51:10.000+01:00
Crossplane Helm chart service account creation flag
diff --git a/cluster/charts/crossplane/README.md b/cluster/charts/crossplane/README.md
@@ -125,7 +125,9 @@ and their default values.
 | `securityContextRBACManager.runAsGroup` | The group ID used by the RBAC Manager pod. | `65532` |
 | `securityContextRBACManager.runAsUser` | The user ID used by the RBAC Manager pod. | `65532` |
 | `service.customAnnotations` | Configure annotations on the service object. Only enabled when webhooks.enabled = true | `{}` |
+| `serviceAccount.create` | Specifies whether Crossplane ServiceAccount should be created | `true` |
 | `serviceAccount.customAnnotations` | Add custom `annotations` to the Crossplane ServiceAccount. | `{}` |
+| `serviceAccount.name` | Provide the name of an already created Crossplane ServiceAccount. Required when `serviceAccount.create` is `false` | `""` |
 | `tolerations` | Add `tolerations` to the Crossplane pod deployment. | `[]` |
 | `topologySpreadConstraints` | Add `topologySpreadConstraints` to the Crossplane pod deployment. | `[]` |
 | `webhooks.enabled` | Enable webhooks for Crossplane and installed Provider packages. | `true` |
diff --git a/cluster/charts/crossplane/templates/clusterrolebinding.yaml b/cluster/charts/crossplane/templates/clusterrolebinding.yaml
@@ -11,5 +11,9 @@ roleRef:
   name: {{ template "crossplane.name" . }}
 subjects:
 - kind: ServiceAccount
+  {{- if not .Values.serviceAccount.create }}
+  name: {{ .Values.serviceAccount.name }}
+  {{- else }}
   name: {{ template "crossplane.name" . }}
+  {{- end }}
   namespace: {{ .Release.Namespace }}
diff --git a/cluster/charts/crossplane/templates/deployment.yaml b/cluster/charts/crossplane/templates/deployment.yaml
@@ -47,7 +47,11 @@ spec:
       {{- if .Values.priorityClassName }}
       priorityClassName: {{ .Values.priorityClassName  | quote }}
       {{- end }}
+      {{- if not .Values.serviceAccount.create }}
+      serviceAccountName: {{ .Values.serviceAccount.name }}
+      {{- else }}
       serviceAccountName: {{ template "crossplane.name" . }}
+      {{- end }}
       hostNetwork: {{ .Values.hostNetwork }}
       initContainers:
         - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}"
diff --git a/cluster/charts/crossplane/templates/serviceaccount.yaml b/cluster/charts/crossplane/templates/serviceaccount.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -15,3 +16,4 @@ imagePullSecrets:
 - name: {{ $secret }}
 {{- end }}
 {{ end }}
+{{- end }}
diff --git a/cluster/charts/crossplane/values.yaml b/cluster/charts/crossplane/values.yaml
@@ -40,6 +40,10 @@ customLabels: {}
 customAnnotations: {}
 
 serviceAccount:
+  # -- Specifies whether Crossplane ServiceAccount should be created
+  create: true
+  # -- Provide the name of an already created Crossplane ServiceAccount. Required when `serviceAccount.create` is `false`
+  name: ""
   # -- Add custom `annotations` to the Crossplane ServiceAccount.
   customAnnotations: {}
 
