Custom service account for chp proxy

We have a need to specify a custom service account for pods that are being created as part of JupyterHub helm chart, due to workloads running on openshift clusters. I see that there is a hook for hub pods, via hub#serviceAccount#name. There’s a hook for proxy#traefik#serviceAccountName, but not for chp proxy. It uses the configured default service account for the proxy pod.

How can I specify a custom service account name for chp proxy ? Openshift has multiple SCCs requiring pods to have a specific userid range & restricted capabilities, and we can’t upgrade the default service account to have these privileges.

Any help would be appreciated.

You should be able to set serviceAccountName using proxy.chp.extraPodSpec, which allows arbitrary additional fields to be added to pods.

Thanks! This worked. But it seems weird that only traefik has support for custom SA, and not other proxy types. Was it decided explicitly to not support or just not added yet ?

I suspect it’s just that Traefik was added later. CHP will have been there from the very beginning, and maybe pre-dates the convention of having a customisation service account? Feel free to open a PR!

Make sense! I’ll try and add. I can try adding for all proxy types if that’s fine