From bdf568f48f5e8208aa52716e93203ce5ead4b7cd Mon Sep 17 00:00:00 2001
From: Toomas Pelberg <toomasp@gmx.net>
Date: Wed, 22 Apr 2026 15:35:43 +0300
Subject: [PATCH] Use specified ServiceAccountName in RoleBinding

Signed-off-by: Toomas Pelberg <toomasp@gmx.net>
---
 internal/cnpgi/operator/specs/role.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/internal/cnpgi/operator/specs/role.go b/internal/cnpgi/operator/specs/role.go
index 0972f473..6fee7ec4 100644
--- a/internal/cnpgi/operator/specs/role.go
+++ b/internal/cnpgi/operator/specs/role.go
@@ -127,6 +127,10 @@ func ObjectStoreNamesFromRole(role *rbacv1.Role) []string {
 func BuildRoleBinding(
 	cluster *cnpgv1.Cluster,
 ) *rbacv1.RoleBinding {
+	clusterServiceAccountName := cluster.Name
+	if cluster.Spec.ServiceAccountName != "" {
+		clusterServiceAccountName = cluster.Spec.ServiceAccountName
+	}
 	return &rbacv1.RoleBinding{
 		ObjectMeta: metav1.ObjectMeta{
 			Namespace: cluster.Namespace,
@@ -136,7 +140,7 @@ func BuildRoleBinding(
 			{
 				Kind:      "ServiceAccount",
 				APIGroup:  "",
-				Name:      cluster.Name,
+				Name:      clusterServiceAccountName,
 				Namespace: cluster.Namespace,
 			},
 		},