Open greatehop opened 6 months ago
Please set rbac.create
to false
.
rbac:
create: false
serviceAccount:
name: "aws-ga-controller"
If rbac.create
is set to false
, the service account will not be created. However, I need to create a service account, but with my own name.
Hmm, you mean you want helm to create a ServiceAccount, but do you want to specify the name? Why?
yes I use IRSA to map AWS IAM role to k8s service account. This IAM role is created by Terraform first (before helm deployment) and its trust policy consists of namespace and service account name. Something like:
module "globalaccelerator-controller" {
source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
role_name = "${local.basename}-globalaccelerator-controller"
role_policy_arns = {
globalaccelerator = aws_iam_policy.globalaccelerator-controller.arn
}
oidc_providers = {
dev = {
provider_arn = module.eks.openid_provider_arn
namespace_service_accounts = ["aws-ga-controller:aws-global-accelerator-controller-manager"] # namespace:sa
}
}
}
Currently helm chart 0.7.1 supports only one name for SA - "aws-global-accelerator-controller-manager". I'd like to be able to set any custom SA name.
OK, I see.
Hi
helm chart version 0.7.1 does not allow to set custom ServiceAccount name:
I expect "aws-ga-controller" instead of "aws-global-accelerator-controller-manager", as it's hardcoded at _helper.tpl