feat: Ability to create/specify Service Account (#1919)

* fix: Remove Duplicate Path Key

* feat: Add ability to specify service account with annotations

Inspired by #1783

I needed it in my environment so I figured might as well contribute to upstream

* docs: Reformat README.md, add documentation for serviceAccount

---------

Co-authored-by: Diego Molina <[email protected]>

charts/selenium-grid/README.md

@@ -73,19 +73,22 @@ helm uninstall selenium-grid
 
 For now, global configuration supported is:
 
-| Parameter                             | Default                            | Description                           |
-| -----------------------------------   | ---------------------------------- | ------------------------------------- |
-| `global.seleniumGrid.imageTag`        | `4.11.0-20230801`                  | Image tag for all selenium components |
-| `global.seleniumGrid.nodesImageTag`   | `4.11.0-20230801`                  | Image tag for browser's nodes         |
-| `global.seleniumGrid.imagePullSecret` | `""`                               | Pull secret to be used for all images |
-| `global.seleniumGrid.imagePullSecret` | `""`                               | Pull secret to be used for all images |
-| `global.seleniumGrid.affinity`        | `{}`                               | Affinity assigned globally            |
+| Parameter                             | Default           | Description                           |
+|---------------------------------------|-------------------|---------------------------------------|
+| `global.seleniumGrid.imageTag`        | `4.11.0-20230801` | Image tag for all selenium components |
+| `global.seleniumGrid.nodesImageTag`   | `4.11.0-20230801` | Image tag for browser's nodes         |
+| `global.seleniumGrid.imagePullSecret` | `""`              | Pull secret to be used for all images |
+| `global.seleniumGrid.imagePullSecret` | `""`              | Pull secret to be used for all images |
+| `global.seleniumGrid.affinity`        | `{}`              | Affinity assigned globally            |
 
 This table contains the configuration parameters of the chart and their default values:
 
 | Parameter                                   | Default                                     | Description                                                                                                                |
-| ---------------------------------------     | ----------------------------------          | -------------------------------------------------------------------------------------------------------------------------- |
+|---------------------------------------------|---------------------------------------------|----------------------------------------------------------------------------------------------------------------------------|
 | `isolateComponents`                         | `false`                                     | Deploy Router, Distributor, EventBus, SessionMap and Nodes separately                                                      |
+| `serviceAccount.create`                     | `true`                                      | Enable or disable creation of service account (if `false`, `serviceAccount.name` MUST be specified                         |
+| `serviceAccount.name`                       | `""`                                        | Name of the service account to be made or existing service account to use for all deployments and jobs                     |
+| `serviceAccount.annotations`                | `{}`                                        | Custom annotations for service account                                                                                     |
 | `busConfigMap.name`                         | `selenium-event-bus-config`                 | Name of the configmap that contains SE_EVENT_BUS_HOST, SE_EVENT_BUS_PUBLISH_PORT and SE_EVENT_BUS_SUBSCRIBE_PORT variables |
 | `busConfigMap.annotations`                  | `{}`                                        | Custom annotations for configmap                                                                                           |
 | `nodeConfigMap.name`                        | `selenium-node-config`                      | Name of the configmap that contains common environment variables for browser nodes                                         |
@@ -219,7 +222,7 @@ https://github.com/kedacore/charts/blob/main/keda/README.md for more details.
 
 ### Configuration for Selenium-Hub
 
-You can configure the Selenium Hub with this values:
+You can configure the Selenium Hub with these values:
 
 | Parameter                       | Default           | Description                                                                                                                                      |
 |---------------------------------|-------------------|--------------------------------------------------------------------------------------------------------------------------------------------------|
@@ -241,8 +244,8 @@ You can configure the Selenium Hub with this values:
 | `hub.subPath`                   | `/`               | Custom sub path for the hub deployment                                                                                                           |
 | `hub.extraEnvironmentVariables` | `nil`             | Custom environment variables for selenium-hub                                                                                                    |
 | `hub.extraEnvFrom`              | `nil`             | Custom environment variables for selenium taken from `configMap` or `secret`-hub                                                                 |
-| `hub.extraVolumeMounts`         | `[]`              | Extra mounts of declared ExtraVolumes into pod                                                                             |
-| `hub.extraVolumes`              | `[]`              | Extra Volumes declarations to be used in the pod (can be any supported volume type: ConfigMap, Secret, PVC, NFS, etc.)     |
+| `hub.extraVolumeMounts`         | `[]`              | Extra mounts of declared ExtraVolumes into pod                                                                                                   |
+| `hub.extraVolumes`              | `[]`              | Extra Volumes declarations to be used in the pod (can be any supported volume type: ConfigMap, Secret, PVC, NFS, etc.)                           |
 | `hub.resources`                 | `{}`              | Resources for selenium-hub container                                                                                                             |
 | `hub.securityContext`           | `See values.yaml` | Security context for selenium-hub container                                                                                                      |
 | `hub.serviceType`               | `ClusterIP`       | Kubernetes service type (see https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types)                 |

charts/selenium-grid/templates/_helpers.tpl

@@ -80,6 +80,13 @@ Ingress fullname
 {{- default "selenium-ingress" .Values.ingress.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+{{/*
+Service Account fullname
+*/}}
+{{- define "seleniumGrid.serviceAccount.fullname" -}}
+{{- .Values.serviceAccount.name | default "selenium-serviceaccount" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
 {{/*
 Is autoscaling using KEDA enabled
 */}}
@@ -110,6 +117,8 @@ template:
         {{ toYaml . | nindent 6 }}
       {{- end }}
   spec:
+    serviceAccountName: {{ template "seleniumGrid.serviceAccount.fullname" . }}
+    serviceAccount: {{ template  "seleniumGrid.serviceAccount.fullname" . }}
     restartPolicy: {{ and (eq (include "seleniumGrid.useKEDA" .) "true") (eq .Values.autoscaling.scalingType "job") | ternary "Never" "Always" }}
   {{- with .node.hostAliases }}
     hostAliases: {{ toYaml . | nindent 6 }}

charts/selenium-grid/templates/distributor-deployment.yaml

@@ -24,6 +24,8 @@ spec:
       annotations: {{- toYaml . | nindent 8 }}
     {{- end }}
     spec:
+      serviceAccountName: {{ template "seleniumGrid.serviceAccount.fullname" . }}
+      serviceAccount: {{ template "seleniumGrid.serviceAccount.fullname" . }}
       containers:
         - name: selenium-distributor
           {{- $imageTag := default .Values.global.seleniumGrid.imageTag .Values.components.distributor.imageTag }}

charts/selenium-grid/templates/event-bus-deployment.yaml

@@ -24,6 +24,8 @@ spec:
       annotations: {{- toYaml . | nindent 8 }}
     {{- end }}
     spec:
+      serviceAccountName: {{ template "seleniumGrid.serviceAccount.fullname" . }}
+      serviceAccount: {{ template "seleniumGrid.serviceAccount.fullname" . }}
       containers:
         - name: selenium-event-bus
           {{- $imageTag := default .Values.global.seleniumGrid.imageTag .Values.components.eventBus.imageTag }}

charts/selenium-grid/templates/hub-deployment.yaml

@@ -27,6 +27,8 @@ spec:
       annotations: {{- toYaml . | nindent 8 }}
     {{- end }}
     spec:
+      serviceAccountName: {{ template "seleniumGrid.serviceAccount.fullname" . }}
+      serviceAccount: {{ template  "seleniumGrid.serviceAccount.fullname" . }}
       containers:
         - name: selenium-hub
           {{- $imageTag := default .Values.global.seleniumGrid.imageTag .Values.hub.imageTag }}

charts/selenium-grid/templates/router-deployment.yaml

@@ -24,6 +24,8 @@ spec:
       annotations: {{- toYaml . | nindent 8 }}
     {{- end }}
     spec:
+      serviceAccountName: {{ template "seleniumGrid.serviceAccount.fullname" . }}
+      serviceAccount: {{ template "seleniumGrid.serviceAccount.fullname" . }}
       containers:
         - name: selenium-router
           {{- $imageTag := default .Values.global.seleniumGrid.imageTag .Values.components.router.imageTag }}

charts/selenium-grid/templates/serviceaccount.yaml

@@ -0,0 +1,17 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "seleniumGrid.serviceAccount.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: selenium-service-account
+    {{- include "seleniumGrid.commonLabels" . | nindent 4 }}
+    {{- with .Values.customLabels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/selenium-grid/templates/session-map-deployment.yaml

@@ -24,6 +24,8 @@ spec:
       annotations: {{- toYaml . | nindent 8 }}
     {{- end }}
     spec:
+      serviceAccountName: {{ template "seleniumGrid.serviceAccount.fullname" . }}
+      serviceAccount: {{ template "seleniumGrid.serviceAccount.fullname" . }}
       containers:
         - name: selenium-session-map
           {{- $imageTag := default .Values.global.seleniumGrid.imageTag .Values.components.sessionMap.imageTag }}

charts/selenium-grid/templates/session-queuer-deployment.yaml

@@ -24,6 +24,8 @@ spec:
       annotations: {{- toYaml . | nindent 8 }}
     {{- end }}
     spec:
+      serviceAccountName: {{ template "seleniumGrid.serviceAccount.fullname" . }}
+      serviceAccount: {{ template "seleniumGrid.serviceAccount.fullname" . }}
       containers:
         - name: selenium-session-queue
           {{- $imageTag := default .Values.global.seleniumGrid.imageTag .Values.components.sessionQueue.imageTag }}

charts/selenium-grid/values.yaml

@@ -19,6 +19,12 @@ basicAuth:
 # Deploy Router, Distributor, EventBus, SessionMap and Nodes separately
 isolateComponents: false
 
+# Service Account for all components
+serviceAccount:
+  create: true
+  name: ""
+  annotations: {}
+
 # Configure the ingress resource to access the Grid installation.
 ingress:
   # Enable or disable ingress resource
@@ -33,7 +39,6 @@ ingress:
   path: /
   # TLS backend configuration for ingress resource
   tls: []
-  path: /
 
 # ConfigMap that contains SE_EVENT_BUS_HOST, SE_EVENT_BUS_PUBLISH_PORT and SE_EVENT_BUS_SUBSCRIBE_PORT variables
 busConfigMap: