You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Medusa standalone deployment is using the default service account.
For AWS role based auth, that means that the default service account needs to be properly annotated and needs to be properly bound with the AWS IAM role.
Therefore, any pods created without a SA specified will be granted with AWS permissions.
This against the least privilege principle.
Did you expect to see something different?
I expect the Medusa standalone deployment's service account to be set to the value K8ssandraCluster.cassandra.serviceAccount .
How to reproduce it (as minimally and precisely as possible):
Create a k8ssandra cluster with medusa enabled and a non-default service account.
Environment
K8ssandra Operator version:
1.15
Kubernetes version information:
1.29
Kubernetes cluster kind:
EKS
The text was updated successfully, but these errors were encountered:
What happened?
The Medusa standalone deployment is using the
default
service account.For AWS role based auth, that means that the
default
service account needs to be properly annotated and needs to be properly bound with the AWS IAM role.Therefore, any pods created without a SA specified will be granted with AWS permissions.
This against the least privilege principle.
Did you expect to see something different?
I expect the Medusa standalone deployment's service account to be set to the value
K8ssandraCluster.cassandra.serviceAccount
.How to reproduce it (as minimally and precisely as possible):
Create a k8ssandra cluster with medusa enabled and a non-default service account.
Environment
K8ssandra Operator version:
1.15
Kubernetes version information:
1.29
Kubernetes cluster kind:
EKS
The text was updated successfully, but these errors were encountered: