ROB-2586 allow disable svc account

[RoiGlinik]

No description provided.

[coderabbitai]

Walkthrough

Added conditional flags and wrapped RBAC templates so kubewatch and runner service-account related resources are emitted only when their respective createServiceAccount values are true; flags were added to values.yaml.

Changes

Cohort / File(s)	Summary
Conditional Service Account Templates helm/robusta/templates/forwarder-service-account.yaml, helm/robusta/templates/runner-service-account.yaml	Wrapped ClusterRole, ServiceAccount, ClusterRoleBinding (and related SCC block) in component-specific if blocks that check createServiceAccount. Resources are rendered only when the corresponding flag is true.
Configuration Flags helm/robusta/values.yaml	Added createServiceAccount: true under the kubewatch and runner sections to control conditional rendering of service account resources.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

• Verify conditional if/end placement and comment markers in both templates.
• Confirm flag names match references and defaults are intentional.

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	No pull request description was provided by the author, making it impossible to evaluate whether it relates to the changeset.	Add a brief description explaining what the PR does, why these changes are needed, and how the new createServiceAccount flags work.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding conditional flags to allow disabling service account creation for kubewatch and runner components.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ROB-2586-allow-disable-svc-account

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f9aee98 and 6df27ef.

📒 Files selected for processing (1)

• helm/robusta/values.yaml (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• helm/robusta/values.yaml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: run_tests
• GitHub Check: run_tests
• GitHub Check: Deploy docs

Tip

📝 Customizable high-level summaries are now available in beta!

You can now customize how CodeRabbit generates the high-level summary in your pull requests — including its content, structure, tone, and formatting.

• Provide your own instructions using the high_level_summary_instructions setting.
• Format the summary however you like (bullet lists, tables, multi-section layouts, contributor stats, etc.).
• Use high_level_summary_in_walkthrough to move the summary from the description to the walkthrough section.

Example instruction:

"Divide the high-level summary into five sections:

1. 📝 Description — Summarize the main change in 50–60 words, explaining what was done.
2. 📓 References — List relevant issues, discussions, documentation, or related PRs.
3. 📦 Dependencies & Requirements — Mention any new/updated dependencies, environment variable changes, or configuration updates.
4. 📊 Contributor Summary — Include a Markdown table showing contributions:
   | Contributor | Lines Added | Lines Removed | Files Changed |
5. ✔️ Additional Notes — Add any extra reviewer context.
   Keep each section concise (under 200 words) and use bullet or numbered lists for clarity."

Note: This feature is currently in beta for Pro-tier users, and pricing will be announced later.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

helm/robusta/templates/forwarder-service-account.yaml (1)

1-1: Conditional service account creation properly implemented, but fix closing comment for consistency.

The RBAC resource block is correctly wrapped with .Values.kubewatch.createServiceAccount. However, the closing comment on line 139 uses the generic form # createServiceAccount, while the parallel runner template uses the more specific form # runner.createServiceAccount. Standardize the comment for better maintainability.

Update line 139 to match the pattern used in runner-service-account.yaml:

-{{- end }} # createServiceAccount
+{{- end }} # kubewatch.createServiceAccount

Also applies to: 139-139

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 910f863 and f9aee98.

📒 Files selected for processing (3)

• helm/robusta/templates/forwarder-service-account.yaml (2 hunks)
• helm/robusta/templates/runner-service-account.yaml (2 hunks)
• helm/robusta/values.yaml (2 hunks)

🧰 Additional context used

🪛 YAMLlint (1.37.1)

helm/robusta/templates/forwarder-service-account.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

helm/robusta/templates/runner-service-account.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: run_tests

🔇 Additional comments (3)

helm/robusta/values.yaml (2)

660-661: Configuration flag properly positioned and defaults to backwards-compatible behavior.

The new createServiceAccount: true flag for kubewatch is well-placed alongside the existing customServiceAccount field, allowing users to either auto-create or specify a manually-managed service account.

---

701-702: Configuration flag properly positioned and defaults to backwards-compatible behavior.

The new createServiceAccount: true flag for runner follows the same pattern as kubewatch, providing a clean opt-out mechanism for users managing RBAC externally.

helm/robusta/templates/runner-service-account.yaml (1)

1-1: Conditional service account creation properly implemented.

The entire RBAC resource block (ClusterRole, ServiceAccount, ClusterRoleBinding) is correctly wrapped with the .Values.runner.createServiceAccount condition. When set to false, users must either specify an existing service account via customServiceAccount or manage the RBAC resources externally.

Verify that the runner deployment correctly handles the case when createServiceAccount: false by confirming that either customServiceAccount is specified or the service account already exists in the target namespace.

Also applies to: 376-376