Request Service Account support in helm chart
cydergoth opened this issue · 2 comments
Very useful project, thanks! We have one small issue with EKS service accounts
In order to access some of the resources we need to report metrics on, the script-exporter instance needs to use an EKS workload identity provided via the AWS IAM integration with the EKS k8s service account. In order to leverage that in the pod we need to be able to assign a service account to the pod. This requires a small change to the deployment template to take a service account name and bind it to the pod.
See:
- https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#launch-a-pod-using-service-account-token-projection
- https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html [informational, you don't need to do anything around this]
After setting a service account on the pod, the AWS CLI may be run inside the pod with the appropriate permissions to scrape the data we need to report metrics for.
Hi @cydergoth it is now possible to provide the name of a ServiceAccount in the Helm chart (version 0.7.0) via the newly added serviceAccount.name value (see #98).
Thats awesome! Thank you!