Skip to content

feat(helm): add ServiceAccount support to mcp-stack chart #1718

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ppippi-dev wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat(helm): add ServiceAccount support to mcp-stack chart #1718

ppippi-dev wants to merge 1 commit into from

Conversation

@ppippi-dev
Copy link
Contributor

@ppippi-dev ppippi-dev commented Dec 23, 2025

Summary

  • Add optional ServiceAccount configuration for cloud IAM integration (AWS IRSA, GCP Workload Identity)
  • Disabled by default (serviceAccount.create: false) to maintain backward compatibility
  • Applied to all Deployments and Jobs in the chart

Changes

File Description
values.yaml Add serviceAccount section with create, name, annotations, automountServiceAccountToken
_helpers.tpl Add mcp-stack.serviceAccountName helper function
serviceaccount.yaml New ServiceAccount template (created only when create: true)
values.schema.json Add schema validation for serviceAccount
7 Deployments Add serviceAccountName reference
3 Jobs Add serviceAccountName reference

Usage Example

serviceAccount:
  create: true
  name: "my-custom-sa"
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::123456789:role/my-role

Validation

  • helm lint passes
  • helm template renders correctly with default values
  • helm template --set serviceAccount.create=true creates ServiceAccount resource

@ppippi-dev
feat(helm): add ServiceAccount support to mcp-stack chart
c861fdf 
Add optional ServiceAccount configuration for cloud IAM integration
(AWS IRSA, GCP Workload Identity). Disabled by default to maintain
backward compatibility.

- Add serviceAccount section to values.yaml
- Add serviceAccountName helper to _helpers.tpl
- Create serviceaccount.yaml template
- Attach serviceAccountName to all Deployments and Jobs
- Add schema validation in values.schema.json

Signed-off-by: ppippi-dev <[email protected]>
@ppippi-dev ppippi-dev force-pushed the feature/helm-serviceaccount-support branch from 4df2b8a to c861fdf Compare December 24, 2025 15:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@crivetimihai crivetimihai Awaiting requested review from crivetimihai crivetimihai is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ppippi-dev