From fad65ce6535c3cc2e2fd786df9cbbc21f3855f7f Mon Sep 17 00:00:00 2001
From: "Ventura, Santiago" <venturasr@gmail.com>
Date: Wed, 23 Oct 2019 19:07:13 +0200
Subject: [PATCH] helm: Allow specification of service account in ORY Hydra
 (#67)

---
 helm/charts/hydra/templates/deployment.yaml | 3 +++
 helm/charts/hydra/values.yaml               | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/helm/charts/hydra/templates/deployment.yaml b/helm/charts/hydra/templates/deployment.yaml
index ff8b51d0a..67e5e69b0 100644
--- a/helm/charts/hydra/templates/deployment.yaml
+++ b/helm/charts/hydra/templates/deployment.yaml
@@ -47,6 +47,9 @@ spec:
         - name: {{ include "hydra.name" . }}-config-volume
           configMap:
             name: {{ include "hydra.fullname" . }}
+      {{- if .Values.deployment.serviceAccountName  }}
+      serviceAccountName: {{ .Values.deployment.serviceAccountName }}
+      {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
diff --git a/helm/charts/hydra/values.yaml b/helm/charts/hydra/values.yaml
index c3b522a58..e5e3914ac 100644
--- a/helm/charts/hydra/values.yaml
+++ b/helm/charts/hydra/values.yaml
@@ -130,6 +130,12 @@ deployment:
   # Configure node tolerations.
   tolerations: []
 
+  ## Specify the serviceAccountName value.
+  ## In some situations it is needed to provides specific permissions to Hydra deployments
+  ## Like for example installing Hydra on a cluster with a PosSecurityPolicy and Istio.
+  ## Uncoment if it is needed to provide a ServiceAccount for the Hydra deployment.
+  # serviceAccountName:
+
 # Configure node affinity
 affinity: {}