fix: use serviceAccount.name for SA name if defined (helm#21744)

fix helm#21743 Signed-off-by: Gazal K <[email protected]>
chqbook-devops · Apr 6, 2020 · 3df54bb · 3df54bb
1 parent 0724c00
commit 3df54bb
Show file tree

Hide file tree

Showing 8 changed files with 16 additions and 15 deletions.
diff --git a/stable/cluster-autoscaler/Chart.yaml b/stable/cluster-autoscaler/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 description: Scales worker nodes within autoscaling groups.
 icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
 name: cluster-autoscaler
-version: 7.2.0
+version: 7.2.1
 appVersion: 1.17.1
 home: https://github.com/kubernetes/autoscaler
 sources:

diff --git a/stable/cluster-autoscaler/README.md b/stable/cluster-autoscaler/README.md
@@ -170,7 +170,7 @@ Parameter | Description | Default
 `podAnnotations` | annotations to add to each pod | `{}`
 `rbac.create` | If true, create & use RBAC resources | `false`
 `rbac.serviceAccount.create` | If true and rbac.create is also true, a service account will be created | `true`
-`rbac.serviceAccount.name` | existing ServiceAccount to use (ignored if rbac.create=true and rbac.serviceAccount.create=true) | `default`
+`rbac.serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template | `nil`
 `rbac.serviceAccountAnnotations` | Additional Service Account annotations	| `{}`
 `rbac.pspEnabled` | Must be used with `rbac.create` true. If true, creates & uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. | `false`
 `replicaCount` | desired number of pods | `1`

diff --git a/stable/cluster-autoscaler/templates/_helpers.tpl b/stable/cluster-autoscaler/templates/_helpers.tpl
@@ -75,10 +75,10 @@ Return the appropriate apiVersion for podsecuritypolicy.
 {{/*
 Return the service account name used by the pod.
 */}}
-{{- define "serviceaccount.name" -}}
-{{- if and .Values.rbac.create .Values.rbac.serviceAccount.create -}}
-{{ include "cluster-autoscaler.fullname" . }}
+{{- define "cluster-autoscaler.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "cluster-autoscaler.fullname" .) .Values.serviceAccount.name }}
 {{- else -}}
-{{ .Values.rbac.serviceAccount.name }}
+    {{ default "default" .Values.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
diff --git a/stable/cluster-autoscaler/templates/clusterrolebinding.yaml b/stable/cluster-autoscaler/templates/clusterrolebinding.yaml
@@ -11,6 +11,6 @@ roleRef:
   name: {{ template "cluster-autoscaler.fullname" . }}
 subjects:
   - kind: ServiceAccount
-    name: {{ template "serviceaccount.name" . }}
+    name: {{ template "cluster-autoscaler.serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}
 {{- end -}}
diff --git a/stable/cluster-autoscaler/templates/deployment.yaml b/stable/cluster-autoscaler/templates/deployment.yaml
@@ -191,7 +191,7 @@ spec:
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 8 }}
     {{- end }}
-      serviceAccountName: {{ template "serviceaccount.name" . }}
+      serviceAccountName: {{ template "cluster-autoscaler.serviceAccountName" . }}
       tolerations:
 {{ toYaml .Values.tolerations | indent 8 }}
       {{- if .Values.securityContext }}

diff --git a/stable/cluster-autoscaler/templates/rolebinding.yaml b/stable/cluster-autoscaler/templates/rolebinding.yaml
@@ -11,6 +11,6 @@ roleRef:
   name: {{ template "cluster-autoscaler.fullname" . }}
 subjects:
   - kind: ServiceAccount
-    name: {{ template "serviceaccount.name" . }}
+    name: {{ template "cluster-autoscaler.serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}
 {{- end -}}
diff --git a/stable/cluster-autoscaler/templates/serviceaccount.yaml b/stable/cluster-autoscaler/templates/serviceaccount.yaml
@@ -1,11 +1,11 @@
-{{- if and .Values.rbac.create .Values.rbac.serviceAccount.create -}}
+{{- if and .Values.rbac.create .Values.rbac.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   labels:
 {{ include "cluster-autoscaler.labels" . | indent 4 }}
-  name: {{ template "cluster-autoscaler.fullname" . }}
-{{- end -}}
+  name: {{ template "cluster-autoscaler.serviceAccountName" . }}
+{{- end }}
 {{- if .Values.rbac.serviceAccountAnnotations }}
   annotations: {{ toYaml .Values.rbac.serviceAccountAnnotations | nindent 4 }}
 {{- end }}
diff --git a/stable/cluster-autoscaler/values.yaml b/stable/cluster-autoscaler/values.yaml
@@ -111,11 +111,12 @@ rbac:
   ## If true, create & use Pod Security Policy resources
   ## https://kubernetes.io/docs/concepts/policy/pod-security-policy/
   pspEnabled: false
-  ## if rbac.create is false or (if rbac.create is true and rbac.serviceAccount.create is false)
-  ## the service account rbac.serviceAccount.name will be used instead
   serviceAccount:
+    # Specifies whether a service account should be created
     create: true
-    name: default
+    # The name of the ServiceAccount to use.
+    # If not set and create is true, a name is generated using the fullname template
+    name: ""
   ## Annotations for the Service Account
   ##
   serviceAccountAnnotations: {}