feat: add helm support for existing Service Accounts

[kassarl]

What type of PR is this?
/kind feature

What this PR does / why we need it:
Allows a user to define an pre-created Service Account in the Helm chart, a feature offered offered by other CSI drivers
Which issue(s) this PR fixes:

Fixes #709

Requirements:

• uses conventional commit messages
• includes documentation
• adds unit tests
• tested upgrade from previous version

Special notes for your reviewer:

Release note:

none

[k8s-ci-robot]

Hi @kassarl. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[andyzhangx]

that's redundant, could just use serviceAccount.controller.name instead since it would always be provided either by default value or user.

[kassarl]

I was using this "create" value in each of the templates for creating the SA (e.g. serviceaccount-csi-azuredisk-controller.yaml), since that was how it was previously structured. Should I instead do a check, if the name != default then create the service account?

[andyzhangx]

since there is already serviceAccount.create and rbac.create, only need to specify controller.name, node.name, snapshotcontroller.name, if user wants to bring their own serviceAccount, they need to --set serviceAccount.create=false --set rbac.create=false --set serviceAccount.controller.name=x --set serviceAccount.node.name=x --set serviceAccount.snapshotcontroller.name=x

[andyzhangx]

what about set serviceAccount.controller: csi-azuredisk-controller-sa, serviceAccount.node: csi-azuredisk-node-sa, etc. ? That would make logic more clear.

[edreed]

Since service account creation for the snapshot controller is enabled through snapshot.snapshotController.serviceAccount, it would be better to group this value with that setting, e.g. snapshot.snapshotController.serviceAccountName

[andyzhangx]

good catch, I think we could remove following settings

  snapshotController:
    serviceAccount: true
    rbac: true

should all depend on

serviceAccount:
  create: true

rbac:
  create: true

That would make the logic more clear.

[kassarl]

OK, I have updated it to reflect the snapshot, controller, and node all depending on serviceAccount.create, and the snapshot rbac depending on rbac.create, and removed these fields from snapshot.snapshotController. I think this is a bit clearer, otherwise I can move the snapshot sa name to snapshot.snasphotController

[edreed]

/lgtm

[kassarl]

/retest

[k8s-ci-robot]

@kassarl: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

In response to this:

/retest

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[andyzhangx]

/ok-to-test

[andyzhangx]

/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andyzhangx, kassarl

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [andyzhangx]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment