From fc1152d33198ac21cd15017b22cdd0c1197666e3 Mon Sep 17 00:00:00 2001
From: Ewout Prangsma <ewout@prangsma.net>
Date: Thu, 7 Jun 2018 11:09:55 +0200
Subject: [PATCH] Fix endless rotation because of serviceAccount `default`

---
 pkg/deployment/reconcile/plan_builder.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/pkg/deployment/reconcile/plan_builder.go b/pkg/deployment/reconcile/plan_builder.go
index ca931981e..081ef2b00 100644
--- a/pkg/deployment/reconcile/plan_builder.go
+++ b/pkg/deployment/reconcile/plan_builder.go
@@ -289,13 +289,21 @@ func podNeedsRotation(p v1.Pod, apiObject metav1.Object, spec api.DeploymentSpec
 	}*/
 
 	// Check service account
-	if p.Spec.ServiceAccountName != groupSpec.GetServiceAccountName() {
+	if normalizeServiceAccountName(p.Spec.ServiceAccountName) != normalizeServiceAccountName(groupSpec.GetServiceAccountName()) {
 		return true, "ServiceAccountName changed"
 	}
 
 	return false, ""
 }
 
+// normalizeServiceAccountName replaces default with empty string, otherwise returns the input.
+func normalizeServiceAccountName(name string) string {
+	if name == "default" {
+		return ""
+	}
+	return ""
+}
+
 // tlsKeyfileNeedsRenewal decides if the certificate in the given keyfile
 // should be renewed.
 func tlsKeyfileNeedsRenewal(log zerolog.Logger, keyfile string) bool {
@@ -374,6 +382,7 @@ func createRotateMemberPlan(log zerolog.Logger, member api.MemberStatus,
 	log.Debug().
 		Str("id", member.ID).
 		Str("role", group.AsRole()).
+		Str("reason", reason).
 		Msg("Creating rotation plan")
 	plan := api.Plan{
 		api.NewAction(api.ActionTypeRotateMember, group, member.ID, reason),
@@ -389,6 +398,7 @@ func createUpgradeMemberPlan(log zerolog.Logger, member api.MemberStatus,
 	log.Debug().
 		Str("id", member.ID).
 		Str("role", group.AsRole()).
+		Str("reason", reason).
 		Msg("Creating upgrade plan")
 	plan := api.Plan{
 		api.NewAction(api.ActionTypeUpgradeMember, group, member.ID, reason),