crossplane
/
docs
mirror of https://github.com/crossplane/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add note on configuring provider service accounts (#811)

This commit is contained in:
Hasan Turken 2024-09-11 12:19:57 +03:00 committed by GitHub
parent 5dbfab8ef1
commit e5e5922cea
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 64 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
content/master/concepts/providers.md
View File

@ -766,6 +766,22 @@ spec:
name: my-service-account name: my-service-account
``` ```
<!-- vale gitlab.FutureTense = NO -->
{{<hint "important" >}}
Setting the `serviceAccountTemplate.metadata.name` field will override the
name of service account created by the package manager and used in the
provider deployment. The package manager will own that service account and
may conflict with other owners attempting to take ownership. A common mistake
is configuring the same service account for multiple packages in this way
which ends up causing frequent reconciliation loops and loads on the API server.
If you just want to use an existing service account, you should instead only
set the `deploymentTemplate.spec.template.spec.serviceAccountName` field.
Crossplane will then use the existing service account without taking the ownership
and still take care of binding the necessary permissions.
{{</hint >}}
<!-- vale gitlab.FutureTense = YES -->
### Provider configuration ### Provider configuration
The `ProviderConfig` determines settings the Provider uses communicating to the The `ProviderConfig` determines settings the Provider uses communicating to the

16
content/v1.15/concepts/providers.md
View File

@ -766,6 +766,22 @@ spec:
name: my-service-account name: my-service-account
``` ```
<!-- vale gitlab.FutureTense = NO -->
{{<hint "important" >}}
Setting the `serviceAccountTemplate.metadata.name` field will override the
name of service account created by the package manager and used in the
provider deployment. The package manager will own that service account and
may conflict with other owners attempting to take ownership. A common mistake
is configuring the same service account for multiple packages in this way
which ends up causing frequent reconciliation loops and loads on the API server.
If you just want to use an existing service account, you should instead only
set the `deploymentTemplate.spec.template.spec.serviceAccountName` field.
Crossplane will then use the existing service account without taking the ownership
and still take care of binding the necessary permissions.
{{</hint >}}
<!-- vale gitlab.FutureTense = YES -->
### Provider configuration ### Provider configuration
The `ProviderConfig` determines settings the Provider uses communicating to the The `ProviderConfig` determines settings the Provider uses communicating to the

16
content/v1.16/concepts/providers.md
View File

@ -766,6 +766,22 @@ spec:
name: my-service-account name: my-service-account
``` ```
<!-- vale gitlab.FutureTense = NO -->
{{<hint "important" >}}
Setting the `serviceAccountTemplate.metadata.name` field will override the
name of service account created by the package manager and used in the
provider deployment. The package manager will own that service account and
may conflict with other owners attempting to take ownership. A common mistake
is configuring the same service account for multiple packages in this way
which ends up causing frequent reconciliation loops and loads on the API server.
If you just want to use an existing service account, you should instead only
set the `deploymentTemplate.spec.template.spec.serviceAccountName` field.
Crossplane will then use the existing service account without taking the ownership
and still take care of binding the necessary permissions.
{{</hint >}}
<!-- vale gitlab.FutureTense = YES -->
### Provider configuration ### Provider configuration
The `ProviderConfig` determines settings the Provider uses communicating to the The `ProviderConfig` determines settings the Provider uses communicating to the

16
content/v1.17/concepts/providers.md
View File

@ -766,6 +766,22 @@ spec:
name: my-service-account name: my-service-account
``` ```
<!-- vale gitlab.FutureTense = NO -->
{{<hint "important" >}}
Setting the `serviceAccountTemplate.metadata.name` field will override the
name of service account created by the package manager and used in the
provider deployment. The package manager will own that service account and
may conflict with other owners attempting to take ownership. A common mistake
is configuring the same service account for multiple packages in this way
which ends up causing frequent reconciliation loops and loads on the API server.
If you just want to use an existing service account, you should instead only
set the `deploymentTemplate.spec.template.spec.serviceAccountName` field.
Crossplane will then use the existing service account without taking the ownership
and still take care of binding the necessary permissions.
{{</hint >}}
<!-- vale gitlab.FutureTense = YES -->
### Provider configuration ### Provider configuration
The `ProviderConfig` determines settings the Provider uses communicating to the The `ProviderConfig` determines settings the Provider uses communicating to the