Add ability to create ServiceAccount for redis

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

charts/argo-cd/templates/_helpers.tpl

@@ -88,6 +88,17 @@ Create the name of the dex service account to use
 {{- end -}}
 {{- end -}}
 
+{{/*
+Create the name of the redis service account to use
+*/}}
+{{- define "argo-cd.redisServiceAccountName" -}}
+{{- if .Values.redis.serviceAccount.create -}}
+    {{ default (include "argo-cd.redis.fullname" .) .Values.redis.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.redis.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Create the name of the ArgoCD server service account to use
 */}}

charts/argo-cd/templates/redis/deployment.yaml

@@ -30,7 +30,8 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      automountServiceAccountToken: false
+      automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }}
+      serviceAccountName: {{ template "argo-cd.redisServiceAccountName" . }}
       {{- if .Values.redis.securityContext }}
       securityContext: {{- toYaml .Values.redis.securityContext | nindent 8 }}
       {{- end }}

charts/argo-cd/templates/redis/serviceaccount.yaml

@@ -0,0 +1,15 @@
+{{- if and .Values.redis.enabled .Values.redis.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }}
+metadata:
+  name: {{ template "argo-cd.redisServiceAccountName" . }}
+{{- if .Values.redis.serviceAccount.annotations }}
+  annotations:
+  {{- range $key, $value := .Values.redis.serviceAccount.annotations }}
+    {{ $key }}: {{ $value | quote }}
+  {{- end }}
+{{- end }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }}
+{{- end }}

charts/argo-cd/values.yaml

@@ -365,6 +365,14 @@ redis:
     fsGroup: 1000
     runAsNonRoot: true
 
+  serviceAccount:
+    create: false
+    name: ""
+    ## Annotations applied to created service account
+    annotations: {}
+    ## Automount API credentials for the Service Account
+    automountServiceAccountToken: false
+
   resources: {}
   #  limits:
   #    cpu: 200m