From d86b2bd1896b61ada2606534f5e1bb77b883a700 Mon Sep 17 00:00:00 2001
From: GabrielHM98 <gabe.hmartins98@gmail.com>
Date: Fri, 1 May 2026 00:43:37 -0300
Subject: [PATCH] feat: includes optional serviceaccount for job-controller sts

---
 .../templates/job-controller-deployment.yaml             | 3 +++
 .../templates/job-controller-service-account.yaml        | 9 +++++++++
 .../falcon-self-hosted-registry-assessment/values.yaml   | 2 ++
 3 files changed, 14 insertions(+)
 create mode 100644 helm-charts/falcon-self-hosted-registry-assessment/templates/job-controller-service-account.yaml

diff --git a/helm-charts/falcon-self-hosted-registry-assessment/templates/job-controller-deployment.yaml b/helm-charts/falcon-self-hosted-registry-assessment/templates/job-controller-deployment.yaml
index 087fa1e5..7489f23a 100644
--- a/helm-charts/falcon-self-hosted-registry-assessment/templates/job-controller-deployment.yaml
+++ b/helm-charts/falcon-self-hosted-registry-assessment/templates/job-controller-deployment.yaml
@@ -18,6 +18,9 @@ spec:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/job-controller-configmap.yaml") . | sha256sum }}
     spec:
+      {{ if .Values.jobController.serviceAccount.create }}
+      serviceAccountName: {{ include "ra-self-hosted-job-controller.fullname" . }}
+      {{- end }}
       securityContext:
 {{ if .Values.jobController.podSecurityContext -}}
 {{ .Values.jobController.podSecurityContext | toYaml | indent 8 }}
diff --git a/helm-charts/falcon-self-hosted-registry-assessment/templates/job-controller-service-account.yaml b/helm-charts/falcon-self-hosted-registry-assessment/templates/job-controller-service-account.yaml
new file mode 100644
index 00000000..08734a22
--- /dev/null
+++ b/helm-charts/falcon-self-hosted-registry-assessment/templates/job-controller-service-account.yaml
@@ -0,0 +1,9 @@
+{{ if .Values.jobController.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "ra-self-hosted-job-controller.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "ra-self-hosted-job-controller.labels" . | nindent 4 }}
+{{- end }}
\ No newline at end of file
diff --git a/helm-charts/falcon-self-hosted-registry-assessment/values.yaml b/helm-charts/falcon-self-hosted-registry-assessment/values.yaml
index d388ee83..b32c07b8 100644
--- a/helm-charts/falcon-self-hosted-registry-assessment/values.yaml
+++ b/helm-charts/falcon-self-hosted-registry-assessment/values.yaml
@@ -138,6 +138,8 @@ executor:
 #      optional: false
 
 jobController:
+  serviceAccount:
+    create: false # true also deploys a Service Account for the job controller if it's required to have one by restrictions like Openshift Container Platform's Security Context Constraints
   storageEngine: "sqlite"  # sqlite or memory
   image:
     registry: