Support custom ServiceAccounts
Summary
At the moment, we hard-code global.serviceAccount.name
: source. We do this because the specified ServiceAccount is referenced in our provided RoleBindings to ensure that it is associated with the appropriate SecurityContextConstraints (SCCs) in OpenShift.
However, there will be users who either:
- Operate in Kubernetes and therefore do not interact with SCCs, or
- Operate in OpenShift and understand how to properly associate ServiceAccounts with SCCs
Given these scenarios, we should support user-provided ServiceAccounts.
Acceptance criteria
-
Custom ServiceAccounts are supported -
Documentation exists that outlines the importance of ServiceAccount association with SCCs in OpenShift