acryldata / datahub-helm

Repository of helm charts for deploying DataHub on a Kubernetes cluster
Apache License 2.0

How do I annotate the service accounts for workload id? #440

Closed red8888 closed 6 months ago

red8888 commented 6 months ago

In order to use workload id I need to annotate the k8s service account like this:

apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    iam.gke.io/gcp-service-account: workload-identity@{project}.iam.gserviceaccount.com

I don't generate JSON keys for my workloads; I use workload id.

How can I annotate the right ServiceAccount to hook them up to a google service account?

I also see lots of service accounts: https://github.com/search?q=repo%3Aacryldata%2Fdatahub-helm%20kind%3A%20serviceaccount&type=code

Which one do I annotate to give the BigQuery connector access?

red8888 commented 6 months ago

The chart does let me do this: https://github.com/acryldata/datahub-helm/blob/6888a4956cb552bd7651199e14f2c718931d6361/charts/datahub/subcharts/datahub-gms/values.yaml#L28

I'll close this issue. The real question is whether they hard-coded the app to demand JSON keys.
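
An added example, not part of the original issue or the project's own files: a values override that sets the annotation through the `serviceAccount` block the second comment links to, with the matching IAM binding shown as a comment. The `datahub-gms.serviceAccount` key layout (the standard Helm scaffold), the file name, `my-project`, `NAMESPACE` and `KSA_NAME` are assumptions or placeholders; check the keys against the linked values.yaml.

```yaml
# values-workload-identity.yaml (hypothetical file name)
# Assumption: the datahub-gms subchart exposes the usual Helm scaffold
# serviceAccount block (create / annotations / name), as linked in the comment above.
datahub-gms:
  serviceAccount:
    create: true
    annotations:
      # Constructed sample value; replace with your own Google service account.
      iam.gke.io/gcp-service-account: workload-identity@my-project.iam.gserviceaccount.com

# The annotation alone grants nothing. The Google service account must also
# allow this Kubernetes service account to impersonate it:
#
#   gcloud iam service-accounts add-iam-policy-binding \
#     workload-identity@my-project.iam.gserviceaccount.com \
#     --role roles/iam.workloadIdentityUser \
#     --member "serviceAccount:my-project.svc.id.goog[NAMESPACE/KSA_NAME]"
#
# NAMESPACE and KSA_NAME are placeholders for the release namespace and the
# ServiceAccount name the chart renders (list them with `kubectl get sa -n NAMESPACE`).
# Bind one Google service account per workload that needs cloud access, and
# grant that account only the roles the workload uses.
```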