Replies: 2 comments
-
I would like it even more if I could specify a pre-existing serviceaccount to use. I use terraform to bootstrap the serviceaccounts to utilize IRSA. Having to set this annotation in the cluster object is less convenient because I don't use terraform for that. |
Beta Was this translation helpful? Give feedback.
0 replies
-
Turning this into a discussion, since it's an open matter not a clear issue |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
There appears to be no way to customize the name of the database cluster service account generated with
serviceaccounttemplate
. Current behavior appears to create a service account with the same name as the cluster. The documentation for AWS EKS IRSA backups shows an example of adding theeks.amazonaws.com/role-arn
annotation, but IRSA requires the trust policy for the IAM role to contain the name of the generated serviceaccount:It would be great to be able to customize the serviceaccountname to prevent conflicts -but at the very least, the current behavior should be documented so that users of the operator know what name to put in the IAM role's trust policy.
Beta Was this translation helpful? Give feedback.
All reactions