Service account is not propagated to Medusa standalone deployment #1294
Labels
bug
Something isn't working
Comments
|
We'll most probably remove the Medusa standalone pod altogether shortly as part of this issue. |
makes sense |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What happened?
The Medusa standalone deployment is using the
defaultservice account.For AWS role based auth, that means that the
defaultservice account needs to be properly annotated and needs to be properly bound with the AWS IAM role.Therefore, any pods created without a SA specified will be granted with AWS permissions.
This against the least privilege principle.
Did you expect to see something different?
I expect the Medusa standalone deployment's service account to be set to the value
K8ssandraCluster.cassandra.serviceAccount.How to reproduce it (as minimally and precisely as possible):
Create a k8ssandra cluster with medusa enabled and a non-default service account.
Environment
K8ssandra Operator version:
1.15
Kubernetes version information:
1.29
Kubernetes cluster kind:
EKS
The text was updated successfully, but these errors were encountered: