fix(common): adding feature flag for default serviceaccount name (#360)

charts/library/common/Chart.yaml

@@ -3,7 +3,7 @@ apiVersion: v2
 name: common
 description: Function library for Helm charts
 type: library
-version: 3.5.0
+version: 3.5.1
 kubeVersion: ">=1.22.0-0"
 keywords:
   - common
@@ -16,13 +16,4 @@ annotations:
   artifacthub.io/changes: |-
     - kind: added
       description: |-
-        Add support for binary files in configMapsFromFolderBasePath
-    - kind: added
-      description: |-
-        Add support for internalTrafficPolicy field in Services
-    - kind: added
-      description: |-
-        Add support for multiple ServiceAccounts
-    - kind: added
-      description: |-
-        Add support for multiple RBAC resources
+        Add feature flag to override enforcing the creation of a default ServiceAccount

charts/library/common/templates/lib/pod/fields/_serviceAccountName.tpl

@@ -7,8 +7,12 @@ Returns the value for serviceAccountName
 
   {{- $serviceAccountName := "default" -}}
 
-  {{- if (get (include "bjw-s.common.lib.serviceAccount.getByIdentifier" (dict "rootContext" $rootContext "id" "default") | fromYaml) "create") -}}
-    {{- $serviceAccountName = get (include "bjw-s.common.lib.serviceAccount.getByIdentifier" (dict "rootContext" $rootContext "id" "default") | fromYaml) "name" -}}
+  {{- if $rootContext.Values.enforceServiceAccountCreation -}}
+    {{- if (get (include "bjw-s.common.lib.serviceAccount.getByIdentifier" (dict "rootContext" $rootContext "id" "default") | fromYaml) "create") -}}
+      {{- $serviceAccountName = get (include "bjw-s.common.lib.serviceAccount.getByIdentifier" (dict "rootContext" $rootContext "id" "default") | fromYaml) "name" -}}
+    {{- end -}}
+  {{- else -}}
+      {{- $serviceAccountName = get (include "bjw-s.common.lib.serviceAccount.getByIdentifier" (dict "rootContext" $rootContext "id" "default") | fromYaml) "name" -}}
   {{- end -}}
 
   {{- with $controllerObject.serviceAccount -}}

charts/library/common/templates/lib/serviceAccount/_getByIdentifier.tpl

@@ -5,7 +5,11 @@ Return a ServiceAccount Object by its Identifier.
   {{- $rootContext := .rootContext -}}
   {{- $identifier := .id -}}
   {{- if eq $identifier "default" -}}
-      {{- include "bjw-s.common.lib.serviceAccount.valuesToObject" (dict "rootContext" $rootContext "id" "default" "values" $rootContext.Values.serviceAccount) -}}
+      {{- $serviceAccount := deepCopy $rootContext.Values.serviceAccount -}}
+    {{- if and (eq ($serviceAccount.name) "") (not $serviceAccount.create ) -}}
+      {{- $_ := set $serviceAccount "name" "default" -}}
+    {{- end -}}
+    {{- include "bjw-s.common.lib.serviceAccount.valuesToObject" (dict "rootContext" $rootContext "id" "default" "values" $serviceAccount) -}}
   {{- else -}}
     {{- $serviceAccountValues := dig "extraServiceAccounts" $identifier nil $rootContext.Values.serviceAccount -}}
     {{- if not (empty $serviceAccountValues) -}}

charts/library/common/values.schema.json

@@ -34,6 +34,9 @@
         "$ref": "schemas/controllers.json#/instance"
       }
     },
+    "enforceServiceAccountCreation": {
+      "type": "boolean"
+    },
     "serviceAccount": {
       "$ref": "schemas/serviceAccount.json#/settings"
     },

charts/library/common/values.yaml

@@ -399,6 +399,10 @@ controllers: {}
 #     # Each initContainer should have its own key
 #     initContainers: {}
 
+# -- If true forces the controllers to use the `default` ServiceAccount for the namespace if one is not explicitly defined.
+# This feature flag will be removed on future versions where this will be the default behavior.
+enforceServiceAccountCreation: false
+
 serviceAccount:
   # -- Specifies whether a service account should be created
   # The identifier for this ServiceAccount will be `default`