Is your feature request related to a problem or unsupported use case? Please describe.
I need to use workload identity in managed Kubernetes services (GKE/EKS/AKS) to authenticate pods to managed cloud services like PostgreSQL, Redis, and object storage without embedding credentials.
Currently, the Helm chart doesn't support specifying custom service accounts for deployments and jobs, which prevents leveraging cloud provider IAM-based auth mechanisms.
Describe the solution you'd like
Add an optional serviceAccountName parameter to each component in the Helm chart (backend, frontend, yProvider) that would be applied to all relevant Kubernetes resources.
The parameter should be set at the component level and propagate to all resources created for that component (deployments, jobs, etc.).
This allows us to attach IAM roles to service accounts and use workload identity federation without embedding credentials in Kubernetes secrets.
Discovery, Documentation, Adoption, Migration Strategy
Users would configure the service account in their values.yaml file:
backend:
  serviceAccountName: backend-sa # Custom service account for accessing managed database
frontend:
  serviceAccountName: frontend-sa # Custom service account for accessing storage
yProvider:
  serviceAccountName: yprovider-sa # Custom service account for collaboration
For users who don't specify a service account name, nothing changes (backwards compatible). For users who do, they would first create the service accounts in Kubernetes, then attach appropriate IAM roles based on their cloud provider's configuration.
Do you want to work on it through a Pull Request?
Yes, I can implement this feature. I've already created a draft implementation locally by adding the serviceAccountName parameter to the deployment and job templates and updating the values.yaml with proper documentation.
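An added illustration of the step the request describes (create the service account, then attach an IAM role). It is not part of the original issue or the chart, and every value in angle brackets is a placeholder to replace. Keep only the annotation for the provider in use.

```yaml
# Added example: a ServiceAccount that backend.serviceAccountName could reference.
# Values in <ANGLE_BRACKETS> are placeholders, not values from the project.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: backend-sa              # same name as backend.serviceAccountName in values.yaml
  namespace: <NAMESPACE>        # namespace the chart is installed into
  annotations:
    # Keep exactly one annotation, matching the cluster's cloud provider.

    # GKE Workload Identity: maps this account to a Google service account.
    iam.gke.io/gcp-service-account: <GSA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com

    # EKS IAM Roles for Service Accounts: role assumed through the cluster's OIDC provider.
    # eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>

    # AKS Microsoft Entra Workload ID: client ID of the managed identity or app registration.
    # azure.workload.identity/client-id: <IDENTITY_CLIENT_ID>
```

The cloud-side binding should name this exact namespace and service account so that no other workload in the cluster can assume the role. On AKS the pods additionally need the `azure.workload.identity/use: "true"` label, which a `serviceAccountName` parameter alone does not set.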