You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When deploying Teleport using teleport/teleport-cluster Helm chart, users should be able to independently configure Kubernetes Service Accounts for the Teleport Auth and Proxy. Specifically, users should be able to enable/disable the creation of Service Accounts and set different names for auth and proxy.
When assigning IAM credentials to a serviceaccount to be used by the Teleport auth service, it is necessary to disable service account creation in the chart. The service account is managed externally. When the proxy service's serviceaccount doesn't need an IAM identity at all, the process that is used to create/manage the auth service account may not be appropriate for the proxy service account.
Something like this in the values.yaml would do the trick:
Currently, the Helm chart configuration does not allow independent management of Kubernetes Service Accounts for Teleport Auth and Proxy. The Service Account name is set with a global value which is shared by Auth and Proxy, the latter appending a -proxy suffix. Disabling the Service Account creation through Helm affects both Auth and Proxy.
Bug Details
Teleport Version
The issue is not version specific but is related to the Helm chart used for deploying Teleport. Current latest is Teleport 15.3.2 at time of writing.
Debug Logs
N/A
The text was updated successfully, but these errors were encountered:
Expected Behavior
When deploying Teleport using
teleport/teleport-cluster
Helm chart, users should be able to independently configure Kubernetes Service Accounts for the Teleport Auth and Proxy. Specifically, users should be able to enable/disable the creation of Service Accounts and set different names for auth and proxy.When assigning IAM credentials to a serviceaccount to be used by the Teleport auth service, it is necessary to disable service account creation in the chart. The service account is managed externally. When the proxy service's serviceaccount doesn't need an IAM identity at all, the process that is used to create/manage the auth service account may not be appropriate for the proxy service account.
Something like this in the values.yaml would do the trick:
Current Behavior
Currently, the Helm chart configuration does not allow independent management of Kubernetes Service Accounts for Teleport Auth and Proxy. The Service Account name is set with a global value which is shared by Auth and Proxy, the latter appending a
-proxy
suffix. Disabling the Service Account creation through Helm affects both Auth and Proxy.Bug Details
Teleport Version
The issue is not version specific but is related to the Helm chart used for deploying Teleport. Current latest is Teleport 15.3.2 at time of writing.
Debug Logs
N/A
The text was updated successfully, but these errors were encountered: