ServiceAccount creation logic is broken #219
Description
The chart states, in the values file, that:
(...)
serviceAccount:
# The name of the EXISTING service account to be used.
# If the custom name is set we WON'T create the service account
# but presume that it already exists.
existingName: ~However, in the helper function serviceAccount.enabled, there's this piece of logic that dictates whether to create a ServiceAccount:
{{- (not $useExistingName | and (or $useAnnotations $useIamRole)) }}- This reads:
serviceAccountis enabled if there's noexistingNameanduseAnnotationsoruseIamRoleis defined.
There's a fundamental flaw here:
- There's no need to add
(or $useAnnotations $useIamRole)in this conditional. These bear no influence on whether to create or not a serviceAccount. If anything, these are relevant only for invalidating the release if they're enabled alongsideexistingNamebeing set, for which there are tests in place thatfailthe release.
As you can see in this Helm playground, simply using (not $useExistingName) as the condition to define serviceAccount.enabled is all we need. Without this change, this chart won't create a serviceAccount, forcing users to create the ServiceAccount resource outside the chart.