The chart states, in the values file, that:
(...)
serviceAccount:
# The name of the EXISTING service account to be used.
# If the custom name is set we WON'T create the service account
# but presume that it already exists.
existingName: ~However, in the helper function serviceAccount.enabled, there's this piece of logic that dictates whether to create a ServiceAccount:
{{- (not $useExistingName | and (or $useAnnotations $useIamRole)) }}
- This reads:
serviceAccount is enabled if there's no existingName and useAnnotations or useIamRole is defined.
There's a fundamental flaw here:
- There's no need to add
(or $useAnnotations $useIamRole) in this conditional. These bear no influence on whether to create or not a serviceAccount. If anything, these are relevant only for invalidating the release if they're enabled alongside existingName being set, for which there are tests in place that fail the release.
As you can see in this Helm playground, simply using (not $useExistingName) as the condition to define serviceAccount.enabled is all we need. Without this change, this chart won't create a serviceAccount, forcing users to create the ServiceAccount resource outside the chart.
The chart states, in the values file, that:
However, in the helper function
serviceAccount.enabled, there's this piece of logic that dictates whether to create aServiceAccount:{{- (not $useExistingName | and (or $useAnnotations $useIamRole)) }}serviceAccountis enabled if there's noexistingNameanduseAnnotationsoruseIamRoleis defined.There's a fundamental flaw here:
(or $useAnnotations $useIamRole)in this conditional. These bear no influence on whether to create or not a serviceAccount. If anything, these are relevant only for invalidating the release if they're enabled alongsideexistingNamebeing set, for which there are tests in place thatfailthe release.As you can see in this Helm playground, simply using
(not $useExistingName)as the condition to defineserviceAccount.enabledis all we need. Without this change, this chart won't create aserviceAccount, forcing users to create the ServiceAccount resource outside the chart.