the repo server does not create a SA, therefore automountServiceAccountToken: false

[pbmoses]

Describe the bug
The repo server does not create a service account, (unlike server, application-controller etc). If a service account is not defined, I believe the deployment is built with automountServiceAccountToken: false (https://github.com/argoproj-labs/argocd-operator/blob/9d60b042f3c7b60661944ef08f05ebc8e17b8403/controllers/argocd/deployment.go#L775), which in turn does not mount the SA token in /var/run/secrets/kubernetes.io/serviceaccount/token .

This seems to only be a problem in the openshift-gitops namespace on the openshift-gitops ACD (presumably due to the operator). I am trying to sort out whether this is intentional.
To Reproduce
Steps to reproduce the behavior:

1. Install from operator.
2. set mountsatoken and serviceaccount in ACD
3. Check deployment and see automountServiceAccountToken: false, which will prevent the token from mounting.
4. See error

Expected behavior
The ability to mount the SA token as takes place with other pods.
Or... allow modifying automountServiceAccountToken in the openshift-gitops ACD (unless this is intentional)

Screenshots

1. ACD with SA set, 2. Deployment

Additional context

[iam-veeramalla]

I can reproduce the bug. Thanks for reporting @pbmoses.

[iam-veeramalla]

Should be fixed in the upstream
https://github.com/argoproj-labs/argocd-operator/blob/755639898c156155085e1fcbe2c3c5e74fec332d/controllers/argocd/deployment.go#L782

[pbmoses]

@iam-veeramalla do you foresee allowing the default SA to be utilized or do you believe a new SA should be utilized ? (I would lean on default based on the testing I've done w Vault/K8s auth)

[hamelg]

This issue is still present in v1.6.1.

[hamelg]

There is a bug when modifying the serviceaccount in the argocd crd : the operator does not reconcile the deployment. Manually deleting the deployment resolves the issue.