AlexB-mgtc
Contributor

Purpose

Implement #778

Add support for specifying custom service accounts in all Kubernetes resources in our Helm charts to enable workload identity federation with managed cloud services (PostgreSQL, Redis, etc.). This allows deployments to authenticate to cloud resources without embedding credentials in secrets.

Proposal

This PR adds an optional serviceAccountName parameter to each component section in the Helm chart values that can be specified during deployment. When provided, the specified service account will be used for the corresponding Kubernetes resources.

✅ Add serviceAccountName field to Backend deployment and job templates
✅ Add serviceAccountName field to Frontend deployment template
✅ Add serviceAccountName field to Y-Provider deployment template
✅ Update values.yaml with new parameters and documentation
✅ Ensure backward compatibility with null default values
✅ Regenerate README.md
✅ Update CHANGELOG.md

Example usage in values.yaml:

backend:
  serviceAccountName: backend-sa  # For database access

frontend:
  serviceAccountName: frontend-sa  # For storage access

yProvider:
  serviceAccountName: yprovider-sa  # For collaboration services

@lunika
Member

lunika commented Mar 25, 2025

Hi,
Thank you for your contribution.

In order to merge it can you please

Thanks.

@AntoLC AntoLC requested a review from Copilot July 18, 2025 08:12

@Copilot Copilot AI left a comment

Pull Request Overview

This PR adds service account support to Kubernetes resources in Helm charts to enable workload identity federation with cloud services. This allows deployments to authenticate to cloud resources without embedding credentials in secrets.

  • Adds optional serviceAccountName parameter to backend, frontend, and yProvider components
  • Updates all deployment and job templates to conditionally use the specified service account
  • Maintains backward compatibility with null default values

Reviewed Changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| src/helm/impress/values.yaml | Adds serviceAccountName parameters for backend, frontend, and yProvider components |
| src/helm/impress/templates/backend_deployment.yaml | Adds conditional serviceAccountName to backend deployment |
| src/helm/impress/templates/backend_job_migrate.yaml | Adds conditional serviceAccountName to migration job |
| src/helm/impress/templates/backend_job_createsuperuser.yaml | Adds conditional serviceAccountName to superuser creation job |
| src/helm/impress/templates/frontend_deployment.yaml | Adds conditional serviceAccountName to frontend deployment |
| src/helm/impress/templates/yprovider_deployment.yaml | Adds conditional serviceAccountName to yProvider deployment |
| src/helm/impress/README.md | Documents the new serviceAccountName parameters |
| CHANGELOG.md | Records the new feature |

@AntoLC AntoLC requested a review from rouja July 18, 2025 08:29
@AntoLC AntoLC added the helm label Jul 18, 2025
@AntoLC AntoLC force-pushed the main branch 2 times, most recently from a2bb354 to dd1affb Compare July 18, 2025 08:35
Contributor

@rouja rouja left a comment

Hello,

This PR sounds good, but you forgot the celery worker.
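
The gap raised in this review (a workload left without the new field) can be caught mechanically. The check below is an added example, not code from this PR or the project: it lists workloads whose pod spec has no `serviceAccountName` or names `default`, which means the pod runs as the namespace's default service account. It assumes the manifests are available as JSON (for instance from `kubectl get deployments,jobs,cronjobs -o json`); the resource names in the sample are constructed.

```python
import json

# Constructed sample shaped like `kubectl get ... -o json` output.
# All resource names here are hypothetical, not taken from the chart.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "Deployment", "metadata": {"name": "impress-backend"},
     "spec": {"template": {"spec": {"serviceAccountName": "backend-sa"}}}},
    {"kind": "Deployment", "metadata": {"name": "impress-celery-worker"},
     "spec": {"template": {"spec": {}}}},
    {"kind": "Job", "metadata": {"name": "impress-backend-migrate"},
     "spec": {"template": {"spec": {"serviceAccountName": "default"}}}},
    {"kind": "CronJob", "metadata": {"name": "impress-cleanup"},
     "spec": {"jobTemplate": {"spec": {"template": {"spec": {
         "serviceAccountName": "backend-sa"}}}}}},
    {"kind": "Service", "metadata": {"name": "impress-backend"}, "spec": {}},
]})

WORKLOAD_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "Job", "ReplicaSet"}


def pod_spec(obj):
    """Return the pod spec of a workload object, or None for other kinds."""
    kind = obj.get("kind")
    spec = obj.get("spec") or {}
    if kind == "Pod":
        return spec
    if kind == "CronJob":
        # CronJobs nest the pod template one level deeper than Jobs.
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    elif kind not in WORKLOAD_KINDS:
        return None
    return (spec.get("template") or {}).get("spec") or {}


def workloads_on_default_sa(manifest_json):
    """List (kind, name) for workloads with no dedicated service account."""
    doc = json.loads(manifest_json)
    items = doc["items"] if str(doc.get("kind", "")).endswith("List") else [doc]
    findings = []
    for obj in items:
        spec = pod_spec(obj)
        if spec is not None and spec.get("serviceAccountName") in (None, "", "default"):
            findings.append((obj["kind"], obj["metadata"]["name"]))
    return findings


if __name__ == "__main__":
    for kind, name in workloads_on_default_sa(SAMPLE):
        print(f"{kind}/{name}: no dedicated service account")
```
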

Add support for specifying custom service accounts
in all Kubernetes resources in our Helm charts
to enable workload identity federation with managed
cloud services (PostgreSQL, Redis, etc.).
This allows deployments to authenticate to cloud
resources without embedding credentials in secrets.
@AntoLC AntoLC merged commit 67a195f into suitenumerique:main Jul 28, 2025
19 of 20 checks passed
@AlexB-mgtc
Contributor Author

I didn't have the time to tidy up the PR myself, thanks for doing it!

@AntoLC
Collaborator

AntoLC commented Jul 30, 2025

> I didn't have the time to tidy up the PR myself, thanks for doing it!

Thank you for your contribution!
