Skip to content

Support custom ServiceAccounts

Summary

At the moment, we hard-code global.serviceAccount.name: source. We do this because the specified ServiceAccount is referenced in our provided RoleBindings to ensure that it is associated with the appropriate SecurityContextConstraints (SCCs) in OpenShift.

However, there will be users who either:

  • Operate in Kubernetes and therefore do not interact with SCCs, or
  • Operate in OpenShift and understand how to properly associate ServiceAccounts with SCCs

Given these scenarios, we should support user-provided ServiceAccounts.

Acceptance criteria

  • Custom ServiceAccounts are supported
  • Documentation exists that outlines the importance of ServiceAccount association with SCCs in OpenShift