Adds serviceAccountTemplate to cluster configuration for IAM support

charts/cluster/README.md

@@ -180,6 +180,7 @@ refer to  the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat
 | cluster.priorityClassName | string | `""` |  |
 | cluster.resources | object | `{}` | Resources requirements of every generated Pod. Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information. We strongly advise you use the same setting for limits and requests so that your cluster pods are given a Guaranteed QoS. See: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/ |
 | cluster.roles | list | `[]` | This feature enables declarative management of existing roles, as well as the creation of new roles if they are not already present in the database. See: https://cloudnative-pg.io/documentation/current/declarative_role_management/ |
+| cluster.serviceAccountTemplate | object | `{}` | Configure the metadata of the generated service account |
 | cluster.storage.size | string | `"8Gi"` |  |
 | cluster.storage.storageClass | string | `""` |  |
 | cluster.superuserSecret | string | `""` |  |

charts/cluster/templates/cluster.yaml

@@ -74,6 +74,11 @@ spec:
       {{- toYaml . | nindent 6 }}
     {{ end }}
 
+  {{- with .Values.cluster.serviceAccountTemplate }}
+  serviceAccountTemplate:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+
   monitoring:
     enablePodMonitor: {{ and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.podMonitor.enabled }}
     disableDefaultQueries: {{ .Values.cluster.monitoring.disableDefaultQueries }}

charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster-assert.yaml

@@ -80,3 +80,7 @@ spec:
         inRoles:
           - pg_monitor
           - pg_signal_backend
+  serviceAccountTemplate:
+    metadata:
+      annotations:
+        my-annotation: my-service-account

charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster.yaml

@@ -76,6 +76,10 @@ cluster:
     foo: bar
   annotations:
     foo: bar
+  serviceAccountTemplate:
+    metadata:
+      annotations:
+        my-annotation: my-service-account
 
 backups:
   enabled: false

charts/cluster/values.schema.json

@@ -288,6 +288,9 @@
                 "roles": {
                     "type": "array"
                 },
+                "serviceAccountTemplate": {
+                    "type": "object"
+                },
                 "storage": {
                     "type": "object",
                     "properties": {

charts/cluster/values.yaml

@@ -281,6 +281,9 @@ cluster:
     # postInitApplicationSQL: []
     # postInitTemplateSQL: []
 
+  # -- Configure the metadata of the generated service account
+  serviceAccountTemplate: {}
+
   additionalLabels: {}
   annotations: {}