requestloadbalancer does not apply specified service account #1210
Labels
bug
Something isn't working
Comments
f41gh7
added a commit
that referenced
this issue
Jan 8, 2025
…ncer Initially `ServiceAccount` wasn't defined for `vmauth`'s `Deployment`. Since there was no practial use for it. At older versions of operator it made sense to mount `serviceAccount` for `vminsert` and `vmselect` components because of `PodSecurityPolicy` Kubernetes resources. But it's deprecated now and it makes `serviceAccount` irrelevant for these components. But for production use cases it could be useful. Strict security policy may require to disable auto service account mount. On of possible solutions for it to use `ServiceAccount` with disabled auto-mount option. This commit adds `serviceAccount` of `VMCluster` to the load-balancer `Deployment`. Related issue: #1210 Signed-off-by: f41gh7 <[email protected]>
f41gh7
added
bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If you specify a
serviceAccountNamein underVMCluster.spec.requestsLoadBalancer.specit doesn't add the service account to the vmauth pods it creates. This issue does not occur if the service account is allowed to be created automatically, but this deployment is not allowed use automated service accounts. This is happening on version 0.50 of the operator running as a part of victoriametrics-k8s-stackThe text was updated successfully, but these errors were encountered: