Proposal: remove -serviceaccount suffix from KSA names in helm chart (#…

…10892)

* [WIP] remove -serviceaccount suffix in helm chart

It's quite annoying to have `-serviceaccount` in each service account name as this is a useless 15 characters that provides no additional information.
"why is this so frustrating to you Jake?"
GCP service accounts have 30 char name limit https://cloud.google.com/iam/docs/creating-managing-service-accounts#creating
For manageability / clarity I'd like to keep KSA and GSA names exactly the same when using workload identity which maps KSA<>GSA 1:1 https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity.

chart/files/pod-template-file.yaml

@@ -71,7 +71,7 @@ spec:
     {{ toYaml .Values.affinity | indent 8 }}
   tolerations:
     {{ toYaml .Values.tolerations | indent 8 }}
-  serviceAccountName: '{{ .Release.Name }}-worker-serviceaccount'
+  serviceAccountName: '{{ .Release.Name }}-worker'
   volumes:
   {{- if .Values.dags.persistence.enabled }}
   - name: dags

chart/templates/cleanup/cleanup-cronjob.yaml

@@ -51,7 +51,7 @@ spec:
 {{ toYaml .Values.affinity | indent 12 }}
           tolerations:
 {{ toYaml .Values.tolerations | indent 12 }}
-          serviceAccountName: {{ .Release.Name }}-cleanup-serviceaccount
+          serviceAccountName: {{ .Release.Name }}-cleanup
           {{- if or .Values.registry.secretName .Values.registry.connection }}
           imagePullSecrets:
             - name: {{ template "registry_secret" . }}

chart/templates/cleanup/cleanup-serviceaccount.yaml

@@ -22,7 +22,7 @@
 kind: ServiceAccount
 apiVersion: v1
 metadata:
-  name: {{ .Release.Name }}-cleanup-serviceaccount
+  name: {{ .Release.Name }}-cleanup
   labels:
     tier: airflow
     release: {{ .Release.Name }}

chart/templates/rbac/pod-cleanup-rolebinding.yaml

@@ -37,6 +37,6 @@ roleRef:
   name: {{ .Release.Name }}-cleanup-role
 subjects:
   - kind: ServiceAccount
-    name: {{ .Release.Name }}-cleanup-serviceaccount
+    name: {{ .Release.Name }}-cleanup
     namespace: {{ .Release.Namespace }}
 {{- end }}

chart/templates/rbac/pod-launcher-rolebinding.yaml

@@ -40,12 +40,12 @@ roleRef:
 subjects:
 {{- if $grantScheduler }}
   - kind: ServiceAccount
-    name: {{ .Release.Name }}-scheduler-serviceaccount
+    name: {{ .Release.Name }}-scheduler
     namespace: {{ .Release.Namespace }}
 {{- end }}
 {{- if $grantWorker }}
   - kind: ServiceAccount
-    name: {{ .Release.Name }}-worker-serviceaccount
+    name: {{ .Release.Name }}-worker
     namespace: {{ .Release.Namespace }}
 {{- end }}
 {{- end }}

chart/templates/scheduler/scheduler-deployment.yaml

@@ -83,7 +83,7 @@ spec:
 {{ toYaml .Values.tolerations | indent 8 }}
       restartPolicy: Always
       terminationGracePeriodSeconds: 10
-      serviceAccountName: {{ .Release.Name }}-scheduler-serviceaccount
+      serviceAccountName: {{ .Release.Name }}-scheduler
       securityContext:
         runAsUser: {{ .Values.uid }}
         fsGroup: {{ .Values.gid }}

chart/templates/scheduler/scheduler-serviceaccount.yaml

@@ -22,7 +22,7 @@
 kind: ServiceAccount
 apiVersion: v1
 metadata:
-  name: {{ .Release.Name }}-scheduler-serviceaccount
+  name: {{ .Release.Name }}-scheduler
   labels:
     tier: airflow
     release: {{ .Release.Name }}

chart/templates/workers/worker-deployment.yaml

@@ -72,7 +72,7 @@ spec:
 {{ toYaml .Values.tolerations | indent 8 }}
       terminationGracePeriodSeconds: {{ .Values.workers.terminationGracePeriodSeconds }}
       restartPolicy: Always
-      serviceAccountName: {{ .Release.Name }}-worker-serviceaccount
+      serviceAccountName: {{ .Release.Name }}-worker
       securityContext:
         runAsUser: {{ .Values.uid }}
         fsGroup: {{ .Values.gid }}

chart/templates/workers/worker-serviceaccount.yaml

@@ -22,7 +22,7 @@
 kind: ServiceAccount
 apiVersion: v1
 metadata:
-  name: {{ .Release.Name }}-worker-serviceaccount
+  name: {{ .Release.Name }}-worker
   labels:
     tier: airflow
     release: {{ .Release.Name }}