The Deployment templates (broker_deployment.yaml, code_agent_deployment.yaml, and cra_deployment.yaml) all assume the presence - whether existing or created by the Helm chart itself - of a Kubernetes service account. In our environment, end users are not permitted to create service accounts, thus pod creation fails with the chart as-is.

While there is a serviceAccount.create value, that only disables creation of the service account.

Expected Behavior

Users have the ability to disable use of Kubernetes service accounts in the chart

Current Behavior

No such option exists.

Possible Solution

Ideally, there should be an additional value to denote whether use of a service account is enabled or not.

Steps to Reproduce

1. Run charts against an environment where Kubernetes service account creation is disabled. Alternatively, set .Values.serviceAccount.create to false.
2. Run kubectl get events --sort-by=.metadata.creationTimestamp -n <your_namespace>
3. Observe an error similar to:

5m40s       Warning   FailedCreate        replicaset/github-com-broker-69bd75c5c    Error creating: pods "github-com-broker-69bd75c5c-" is forbidden: error looking up service account my-snyk-namespace/snyk-broker: serviceaccount "snyk-broker" not found

Context (Environment)

This is primarily an issue when either service accounts cannot be created or the user chooses not to create one via .Values.serviceAccount.create

Detailed Description

1. A new value .Values.serviceAccount.enabled should be added
2. The serviceAccountName properties of the deployment spec should be wrapped in a conditional to see if .Values.serviceAccount.enabled is set to true

Possible Implementation

Will submit a PR to implement this