Allow to use "serviceAccount" in Helm Charts #6

@cteyton

Feature Request: ServiceAccount Support

Description

Add support for configurable ServiceAccounts in the Helm chart to enable custom security contexts for workloads, particularly important for OpenShift deployments where Security Context Constraints (SCCs) are applied at the ServiceAccount level.

Current State

  • All deployments use the default ServiceAccount
  • No ServiceAccount configuration available in values.yaml
  • Workloads run with "restricted" security context by default

Requested Features

  1. ServiceAccount Configuration in values.yaml:
    • Enable/disable ServiceAccount creation
    • Custom ServiceAccount name support
    • Annotations support for SCC binding

  2. Template Implementation:
    • ServiceAccount template with helm.sh/resource-policy: keep annotation
    • Reference ServiceAccount in all deployment templates

  3. Security Context Benefits:
    • Support for "nonroot" SCC instead of "anyuid"
    • Better security posture alignment
    • ServiceAccount persistence across Helm upgrades/uninstalls

Use Case

OpenShift environments where administrators need to assign specific SCCs to ServiceAccounts for appropriate security contexts while maintaining Helm lifecycle management.
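
A sketch of what the requested configuration could look like, added here as an illustration and not taken from the project's chart. The `serviceAccount.*` value keys, the file paths and the `<release name>-sa` fallback name are assumptions.

```yaml
# --- values.yaml (hypothetical keys, following the common Helm chart layout) ---
serviceAccount:
  create: true      # false: use a ServiceAccount that is managed outside the chart
  name: ""          # empty: fall back to "<release name>-sa" when create is true
  annotations: {}   # free-form annotations copied onto the ServiceAccount

# --- templates/serviceaccount.yaml (hypothetical path) ---
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ .Values.serviceAccount.name | default (printf "%s-sa" .Release.Name) }}
  annotations:
    # Helm leaves this object in place on uninstall, so an SCC grant
    # made by a cluster admin against this name stays valid.
    helm.sh/resource-policy: keep
    {{- with .Values.serviceAccount.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
{{- end }}

# --- templates/deployment.yaml (pod spec excerpt, hypothetical path) ---
spec:
  template:
    spec:
      {{- if .Values.serviceAccount.create }}
      serviceAccountName: {{ .Values.serviceAccount.name | default (printf "%s-sa" .Release.Name) }}
      {{- else }}
      # With create=false the named account must already exist in the namespace.
      serviceAccountName: {{ .Values.serviceAccount.name | default "default" }}
      {{- end }}
```

With a stable ServiceAccount name, a cluster administrator can grant the SCC once, for example with `oc adm policy add-scc-to-user nonroot -z <serviceaccount-name> -n <namespace>`, and the grant keeps applying across Helm upgrades.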
