Skip to content

feat(helm): add ServiceAccount support to mcp-stack chart #1718

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
crivetimihai merged 3 commits into from
Jan 13, 2026
Merged

feat(helm): add ServiceAccount support to mcp-stack chart #1718

crivetimihai merged 3 commits into from
Jan 13, 2026

Conversation

@ppippi-dev
Copy link
Contributor

@ppippi-dev ppippi-dev commented Dec 23, 2025

Summary

  • Add optional ServiceAccount configuration for cloud IAM integration (AWS IRSA, GCP Workload Identity)
  • Disabled by default (serviceAccount.create: false) to maintain backward compatibility
  • Applied to all Deployments and Jobs in the chart

Changes

File Description
values.yaml Add serviceAccount section with create, name, annotations, automountServiceAccountToken
_helpers.tpl Add mcp-stack.serviceAccountName helper function
serviceaccount.yaml New ServiceAccount template (created only when create: true)
values.schema.json Add schema validation for serviceAccount
7 Deployments Add serviceAccountName reference
3 Jobs Add serviceAccountName reference

Usage Example

serviceAccount:
  create: true
  name: "my-custom-sa"
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::123456789:role/my-role

Validation

  • helm lint passes
  • helm template renders correctly with default values
  • helm template --set serviceAccount.create=true creates ServiceAccount resource

@ppippi-dev ppippi-dev force-pushed the feature/helm-serviceaccount-support branch from 4df2b8a to c861fdf Compare December 24, 2025 15:32
@crivetimihai crivetimihai self-assigned this Jan 13, 2026
ppippi-dev and others added 3 commits January 13, 2026 23:26
@ppippi-dev @crivetimihai
feat(helm): add ServiceAccount support to mcp-stack chart
ed14155 
Add optional ServiceAccount configuration for cloud IAM integration
(AWS IRSA, GCP Workload Identity). Disabled by default to maintain
backward compatibility.

- Add serviceAccount section to values.yaml
- Add serviceAccountName helper to _helpers.tpl
- Create serviceaccount.yaml template
- Attach serviceAccountName to all Deployments and Jobs
- Add schema validation in values.schema.json

Signed-off-by: ppippi-dev <[email protected]>
@crivetimihai
fix(helm): add missing serviceAccountName to pgbouncer deployment
fe9499d 
The original PR missed adding serviceAccountName to the pgbouncer
deployment template. This adds it for consistency with all other
deployments and jobs in the chart.

Signed-off-by: Mihai Criveti <[email protected]>
@crivetimihai
docs(helm): add ServiceAccount documentation and regenerate README
96aecd8 
- Add CHANGELOG entry for ServiceAccount support feature
- Add helm-docs comments to serviceAccount values for auto-generated docs
- Document that automountServiceAccountToken only applies when create=true
- Document that all pods share the same ServiceAccount
- Regenerate README.md with helm-docs to include new values

Signed-off-by: Mihai Criveti <[email protected]>
@crivetimihai crivetimihai force-pushed the feature/helm-serviceaccount-support branch from c861fdf to 96aecd8 Compare January 13, 2026 23:50
@crivetimihai
Copy link
Member

crivetimihai commented Jan 13, 2026

Thanks for this contribution @ppippi-dev! 🎉

I've rebased the PR onto main and made a few additional changes:

Fix:

  • Added missing serviceAccountName to the pgbouncer deployment for consistency with other components

Documentation:

  • Added CHANGELOG entry under [1.0.0-BETA-2] for the ServiceAccount feature
  • Added helm-docs comments to values.yaml with descriptions for all serviceAccount.* values
  • Documented that automountServiceAccountToken only applies when create=true
  • Documented that all pods share the same ServiceAccount (by design)
  • Regenerated README.md with helm-docs to include the new values table entries

The PR is ready to merge.

@crivetimihai crivetimihai merged commit 5b7888d into IBM:main Jan 13, 2026
40 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@crivetimihai crivetimihai crivetimihai approved these changes

Assignees

@crivetimihai crivetimihai

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ppippi-dev @crivetimihai