feat(cluster): add option to specify shared service account

Signed-off-by: maciej-tatarski <mta@corti.ai>

Author: maciej-tatarski

charts/cluster/Chart.yaml

@@ -22,7 +22,7 @@ description: Deploys and manages a CloudNativePG cluster and its associated reso
 kubeVersion: ">=1.29.0-0"
 icon: https://raw.githubusercontent.com/cloudnative-pg/artwork/main/cloudnativepg-logo.svg
 type: application
-version: 0.6.0
+version: 0.6.1
 sources:
   - https://github.com/cloudnative-pg/charts
 keywords:

charts/cluster/README.md

@@ -196,6 +196,7 @@ Kubernetes: `>=1.29.0-0`
 | cluster.roles | list | `[]` | This feature enables declarative management of existing roles, as well as the creation of new roles if they are not already present in the database. See: https://cloudnative-pg.io/documentation/current/declarative_role_management/ |
 | cluster.securityContext | object | `{}` | Configure Container Security Context. See: https://cloudnative-pg.io/documentation/preview/security/ |
 | cluster.serviceAccountTemplate | object | `{}` | Configure the metadata of the generated service account |
+| cluster.serviceAccountName | string | `""` | Name of the service account to use for the cluster. If not set, a new service account will be created using the template. |
 | cluster.services | object | `{}` | Customization of service definitions. Please refer to https://cloudnative-pg.io/documentation/current/service_management/ |
 | cluster.storage.size | string | `"8Gi"` |  |
 | cluster.storage.storageClass | string | `""` |  |

charts/cluster/templates/cluster.yaml

@@ -110,10 +110,16 @@ spec:
     {{ end }}
   {{- end }}
 
+  {{- if not .Values.cluster.serviceAccountName }}
   {{- with .Values.cluster.serviceAccountTemplate }}
   serviceAccountTemplate:
     {{- toYaml . | nindent 4 }}
   {{- end }}
+  {{- end }}
+
+  {{- if .Values.cluster.serviceAccountName }}
+  serviceAccountName: {{ .Values.cluster.serviceAccountName }}
+  {{- end }}
 
   {{- with .Values.cluster.podSecurityContext }}
   podSecurityContext:

charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster-assert.yaml

@@ -127,10 +127,7 @@ spec:
                 test-annotation: "true"
             spec:
               type: LoadBalancer
-  serviceAccountTemplate:
-    metadata:
-      annotations:
-        my-annotation: my-service-account
+  serviceAccountName: my-custom-service-account
   podSecurityContext:
     runAsUser: 26
     runAsGroup: 26

charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster.yaml

@@ -127,6 +127,7 @@ cluster:
     metadata:
       annotations:
         my-annotation: my-service-account
+  serviceAccountName: my-custom-service-account
   podSecurityContext:
     runAsUser: 26
     runAsGroup: 26

charts/cluster/values.schema.json

@@ -334,6 +334,9 @@
                 "serviceAccountTemplate": {
                     "type": "object"
                 },
+                "serviceAccountName": {
+                    "type": "string"
+                },
                 "services": {
                     "type": "object"
                 },

charts/cluster/values.yaml

@@ -398,6 +398,9 @@ cluster:
   # -- Configure the metadata of the generated service account
   serviceAccountTemplate: {}
 
+  # -- Configure the name serviceAccount to use for the cluster. If specified, it takes precedence over serviceAccountTemplate.name
+  serviceAccountName: ""
+
   # -- Configure the Pod Security Context.
   # See: https://cloudnative-pg.io/documentation/preview/security/
   podSecurityContext: {}