Chart not using sharedSecretValues.serviceAccount.name if sharedSecretValues.rbac.create is false
Summary
Helm chart condition on setting the sharedSecretValues.serviceAccount.name is not covering the use case of using an existing SA.
Steps to reproduce
Error is at https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/templates/shared-secrets/_jobspec.yaml#L34 See config below
Configuration used
shared-secrets:
enabled: true
rbac:
create: false
serviceAccount:
create: false
name: k8saas-generic-sa-cicd
Current behavior
helm chart using default for serviceAccount name
Expected behavior
helm chart using k8saas-generic-sa-cicd for serviceAccount name
Versions
- Chart: v4.12.2
- Platform:
- Cloud: AKS
- Kubernetes: (
kubectl version
)- Client: 1.19
- Server: 1.19
- Helm: (
helm version
)- Client: v3.6.0
- Server: v3.6.0
Relevant logs
Error from server (Forbidden): secrets is forbidden: User "system:serviceaccount:gitlab:default" cannot create resource "secrets" in API group "" in the namespace "gitlab"
Error from server (Forbidden): secrets "gitlab-gitlab-shell-host-keys" is forbidden: User "system:serviceaccount:gitlab:default" cannot get resource "secrets" in API group "" in the namespace "gitlab"
Error from server (Forbidden): secrets "gitlab-gitlab-shell-host-keys" is forbidden: User "system:serviceaccount:gitlab:default" cannot get resource "secrets" in API group "" in the namespace "gitlab"
Error from server (Forbidden): secrets is forbidden: User "system:serviceaccount:gitlab:default" cannot create resource "secrets" in API group "" in the namespace "gitlab"
Error from server (Forbidden): secrets "gitlab-gitlab-workhorse-secret" is forbidden: User "system:serviceaccount:gitlab:default" cannot get resource "secrets" in API group "" in the namespace "gitlab"
Error from server (Forbidden): secrets "gitlab-gitlab-workhorse-secret" is forbidden: User "system:serviceaccount:gitlab:default" cannot get resource "secrets" in API group "" in the namespace "gitlab"
Error from server (Forbidden): secrets is forbidden: User "system:serviceaccount:gitlab:default" cannot create resource "secrets" in API group "" in the namespace "gitlab"
Error from server (Forbidden): secrets "gitlab-registry-httpsecret" is forbidden: User "system:serviceaccount:gitlab:default" cannot get resource "secrets" in API group "" in the namespace "gitlab"
Error from server (Forbidden): secrets "gitlab-registry-httpsecret" is forbidden: User "system:serviceaccount:gitlab:default" cannot get resource "secrets" in API group "" in the namespace "gitlab"
Error from server (Forbidden): secrets is forbidden: User "system:serviceaccount:gitlab:default" cannot create resource "secrets" in API group "" in the namespace "gitlab"
Error from server (Forbidden): secrets "gitlab-registry-notification" is forbidden: User "system:serviceaccount:gitlab:default" cannot get resource "secrets" in API group "" in the namespace "gitlab"
Error from server (Forbidden): secrets "gitlab-registry-notification" is forbidden: User "system:serviceaccount:gitlab:default" cannot get resource "secrets" in API group "" in the namespace "gitlab"