Antiarchitect
commented
2 years ago @sangwa Thank you for you input (perfect PR by the way - no changes by my side). Please take a look at 0.38.0 keydb chart release.
Closed sangwa closed 2 years ago
Antiarchitect
commented
2 years ago @sangwa Thank you for you input (perfect PR by the way - no changes by my side). Please take a look at 0.38.0 keydb chart release.
Following up #48
Istio service mesh uses Kubernetes ServiceAccounts to determine workload identities, and identities are crucial for some advanced features like the mesh authorization policy (defining which services are allowed to communicate with each other). Using the default SA makes implementing such features impossible for KeyDB deployments.
The current version of the chart already provides the serviceAccountName macro in the template helpers but no corresponding manifest code.
This PR adds generation of a dedicated SA (or reusing an existing SA if specified) and setting it in the StatefulSet template. This is a breaking change if enabled so upgrade notes are added regarding this feature. The dedicated SA is disabled by default so the new release is fully backward compatible.