serviceAccount not annotated

Question

serviceAccount not annotated

Closed this issue 3 years ago · 4 comments

AndreiBanaruTakeda commented 3 years ago

I've created values.yml:

---
awsRegion: "us-east-1"
clusterName: "my_cluster_name"

fluentbit:
  serviceAccount:
    annotations:
      eks.amazonaws.com/role-arn: "arn:aws:iam::012345678901:role/AmazonEKSFluentBitRole"
      eks.amazonaws.com/sts-regional-endpoints: "true"

adotCollector:
  daemonSet:
    serviceAccount:
      annotations:
        eks.amazonaws.com/role-arn: "arn:aws:iam::012345678901:role/AmazonEKSOTELCollectorRole"
        eks.amazonaws.com/sts-regional-endpoints: "true"

And installed the chart:
helm install cloudwatch-container-insights aws-observability/adot-exporter-for-eks-on-ec2 -f values.yml

While the values are being merged:

helm get values cloudwatch-container-insights 
USER-SUPPLIED VALUES:
adotCollector:
  daemonSet:
    serviceAccount:
      annotations:
        eks.amazonaws.com/role-arn: arn:aws:iam::012345678901:role/AmazonEKSOTELCollectorRole
        eks.amazonaws.com/sts-regional-endpoints: "true"
awsRegion: us-east-1
clusterName: my_cluster_name
fluentbit:
  serviceAccount:
    annotations:
      eks.amazonaws.com/role-arn: arn:aws:iam::012345678901:role/AmazonEKSFluentBitRole
      eks.amazonaws.com/sts-regional-endpoints: "true"

The generated manifest does not include the annotations (I've stripped some content and left only ServiceAccount kind):

helm get manifest cloudwatch-container-insights
# Source: adot-exporter-for-eks-on-ec2/templates/adot-collector/serviceaccount.yaml
# Service account provides identity information for a user to be able to authenticate processes running in a pod.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: adot-collector-sa
  namespace: amzn-cloudwatch-metrics
---
# Source: adot-exporter-for-eks-on-ec2/templates/aws-for-fluent-bit/serviceaccount.yaml
# Service account provides identity information for a user to be able to authenticate processes running in a pod.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: fluent-bit
  namespace: amazon-cloudwatch

One more confirmation that the annotations were not created:

kubectl get sa -n amzn-cloudwatch-metrics adot-collector-sa -o yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    meta.helm.sh/release-name: cloudwatch-container-insights
    meta.helm.sh/release-namespace: kube-system
  creationTimestamp: "2022-03-23T10:44:38Z"
  labels:
    app.kubernetes.io/managed-by: Helm
  name: adot-collector-sa
  namespace: amzn-cloudwatch-metrics
  resourceVersion: "418055"
  uid: 0bf1c377-eba7-4f72-9098-1f587037556f
secrets:
- name: adot-collector-sa-token-44bnz

kubectl get sa -n amazon-cloudwatch fluent-bit -o yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    meta.helm.sh/release-name: cloudwatch-container-insights
    meta.helm.sh/release-namespace: kube-system
  creationTimestamp: "2022-03-23T10:44:38Z"
  labels:
    app.kubernetes.io/managed-by: Helm
  name: fluent-bit
  namespace: amazon-cloudwatch
  resourceVersion: "418054"
  uid: ec9456ab-7c4e-4b0b-910b-c5f48e76e6df
secrets:
- name: fluent-bit-token-8sb8t

Expected results: Annotations for serviceAccount to be created in order to use IRSA.

Answer 1 · 2022-03-24T18:31:54.000Z

This was recently merged in from these PRs:
#20
#17

I am not sure when/how these get released as a new chart version for use though.

Answer 2 · 2022-03-25T19:25:29.000Z

Hi @AndreiBanaruTakeda @savagete2860 thanks for requesting. Typically we release updates once every month based on prioritized improvements to our Helm charts. So keep a lookout for the upcoming March release.

Answer 3 · 2022-04-04T18:15:49.000Z

@alolita any rough ETA on the March release? I doesn't seem like the helm chart version has been updated since November last year unless I am reading the release page incorrectly.

Answer 4 · 2022-04-05T00:54:03.000Z

Hi @savagete2860 we just published release v0.2.0 with #20 and #17 included. I am going to close this issue since it should be resolved as of now.