Set default service account for an OLM install

[erikgb]

We are installing Flux Operator using OLM (from operatorhub), and all our clusters are multi-tenant. To provide our users with a good UX, we have configured the Flux default service account to a service account that is pre-created in all our end-user Flux namespaces, with the RBAC permissions normally given to end-users. This works great!

While experimenting with the new ResourceSet, I noticed that the default service account when reconciling is flux-operator, and I can not find a way to override this default in Flux Operator. Is this possible to configure as you obviously can when installing using Helm, ref. the multitenancy.defaultServiceAccount value. Would it be possible to make this configurable to us as cluster admins?

[stefanprodan]

The issue is that the RedHat Subscription does not allow setting container args, as an OpenShift admin you can only set environment variables. We could expose the SA default as an env var that when set would override the cmd flag. With this your subscription could be:

apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: flux-operator
  namespace: flux-system
spec:
  channel: stable
  installPlanApproval: Automatic
  name: flux-operator
  source: operatorhubio-operators
  sourceNamespace: openshift-marketplace
  config:
    env:
    - name: DEFAULT_SERVICE_ACCOUNT
      value: "sa-name"

[erikgb]

Yeah, this would work for us! 👍