Skip to content
This repository has been archived by the owner on May 16, 2023. It is now read-only.

statefulset does not point to my custom service account name #1455

Closed
mdnfiras opened this issue Dec 7, 2021 · 4 comments · Fixed by #1580
Closed

statefulset does not point to my custom service account name #1455

mdnfiras opened this issue Dec 7, 2021 · 4 comments · Fixed by #1580
Assignees
@jmlrt
Labels
bug Something isn't working elasticsearch

Comments

@mdnfiras
Copy link

mdnfiras commented Dec 7, 2021

Chart version:

version: 7.15.0

Kubernetes version:

v1.22.4

Kubernetes provider:

kubeadm

Helm Version:

using fluxcd v0.24.0, which has helm-controller v0.14.0, which implements helm v3.6.3

Describe the bug:

when setting rbac.create to true and rbac.serviceAccountName to a custom service account name like elasticsearch-logging-sa, the service account will be created with the custom name but the statefulset will keep pointing to the default service account name.

Steps to reproduce:

  1. chose set values in the values.yaml file or using --set:
rbac:
  create: true
  serviceAccountName: "elasticsearch-logging-sa"
  1. install the helm release

Expected behavior:

a service account with name elasticsearch-logging-sa is created and the statefulset points to that name.

Provide logs and/or server output (if relevant):

/ # kubectl get sa -n logging
NAME                       SECRETS   AGE
default                    1         145m
elasticsearch-logging-sa   1         143m
/ # kubectl describe sts elasticsearch-logging-master -n logging | tail -4
Events:
  Type     Reason        Age                 From                    Message
  ----     ------        ----                ----                    -------
  Warning  FailedCreate  80s (x18 over 12m)  statefulset-controller  create Pod elasticsearch-logging-master-0 in StatefulSet elasticsearch-logging-master failed error: pods "elasticsearch-logging-master-0" is forbidden: error looking up service account logging/elasticsearch-logging-master: serviceaccount "elasticsearch-logging-master" not found
@mdnfiras
Copy link
Author

mdnfiras commented Dec 7, 2021
edited
Loading

can this pull request solve this problem? #1497 (edited)
edit: i implemented this change locally and it solved my problem

@mdnfiras mdnfiras mentioned this issue Dec 7, 2021
Closed
4 tasks
@ebuildy
Copy link
Contributor

ebuildy commented Dec 8, 2021

Hello, I think this normal if you want the Helm release create it for you. All ressources generated by the Helm release must have the same naming convention (ConfigMap, Sts, SA etc...).

@mdnfiras
Copy link
Author

mdnfiras commented Dec 8, 2021

but the helm chart currently creates a service account named rbac.serviceAccountName if its provided, and rbac.create is set to true.

if all resources of the helm release must follow the chart's naming convention, then the helm chart should ignore the rbac.serviceAccountName field and create the service account with the default name when rbac.create is set to true.

@ebuildy
Copy link
Contributor

ebuildy commented Dec 8, 2021

ho you are right, didnt check https://github.com/elastic/helm-charts/blob/main/elasticsearch/templates/serviceaccount.yaml

@mdnfiras mdnfiras mentioned this issue Dec 15, 2021
Closed
4 tasks
@framsouza framsouza added the enhancement New feature or request label Jan 2, 2022
@jmlrt jmlrt added elasticsearch bug Something isn't working and removed enhancement New feature or request labels Feb 2, 2022
@jmlrt jmlrt mentioned this issue Feb 23, 2022
Merged
jmlrt added a commit to jmlrt/helm-charts that referenced this issue Feb 23, 2022
@jmlrt
[elasticsearch] fix ServiceAccount inconsistencies
29271de 
This commit refactor the way we define the ServiceAccount name to fix an
issue where a ServiceAccount is created with a custom name but the
Statefulset is trying to use a different ServiceAccount.

Fix elastic#1455
@jmlrt jmlrt self-assigned this Feb 23, 2022
@jmlrt jmlrt mentioned this issue Feb 23, 2022
Merged
jmlrt added a commit to jmlrt/helm-charts that referenced this issue Feb 23, 2022
@jmlrt
[logstash] fix ServiceAccount inconsistencies
3ed83a4 
This commit refactor the way we define the ServiceAccount name to fix an
issue where a ServiceAccount is created with a custom name but the
Statefulset is trying to use a different ServiceAccount.

Relates to elastic#1455 and 1580
jmlrt added a commit that referenced this issue Feb 24, 2022
@jmlrt
[elasticsearch] fix ServiceAccount inconsistencies (#1580)
aa7741a 
This commit refactor the way we define the ServiceAccount name to fix an
issue where a ServiceAccount is created with a custom name but the
Statefulset is trying to use a different ServiceAccount.

Fix #1455
jmlrt added a commit that referenced this issue Feb 24, 2022
@jmlrt
[logstash] fix ServiceAccount inconsistencies (#1581)
ea0177c 
This commit refactor the way we define the ServiceAccount name to fix an
issue where a ServiceAccount is created with a custom name but the
Statefulset is trying to use a different ServiceAccount.

Relates to #1455 and 1580
jmlrt added a commit to jmlrt/helm-charts that referenced this issue Mar 1, 2022
@jmlrt
[elasticsearch] fix ServiceAccount inconsistencies (elastic#1580)
3deb97b 
This commit refactor the way we define the ServiceAccount name to fix an
issue where a ServiceAccount is created with a custom name but the
Statefulset is trying to use a different ServiceAccount.

Fix elastic#1455
jmlrt added a commit that referenced this issue Mar 1, 2022
@jmlrt
[elasticsearch] fix ServiceAccount inconsistencies (#1580) (#1587)
f8b8be6 
This commit refactor the way we define the ServiceAccount name to fix an
issue where a ServiceAccount is created with a custom name but the
Statefulset is trying to use a different ServiceAccount.

Fix #1455
jmlrt added a commit to jmlrt/helm-charts that referenced this issue Mar 1, 2022
@jmlrt
[logstash] fix ServiceAccount inconsistencies (elastic#1581)
fa7981b 
This commit refactor the way we define the ServiceAccount name to fix an
issue where a ServiceAccount is created with a custom name but the
Statefulset is trying to use a different ServiceAccount.

Relates to elastic#1455 and 1580
jmlrt added a commit that referenced this issue Mar 1, 2022
@jmlrt
[logstash] fix ServiceAccount inconsistencies (#1581) (#1588)
fe757f0 
This commit refactor the way we define the ServiceAccount name to fix an
issue where a ServiceAccount is created with a custom name but the
Statefulset is trying to use a different ServiceAccount.

Relates to #1455 and 1580
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@jmlrt jmlrt

Labels
bug Something isn't working elasticsearch
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[elasticsearch] fix ServiceAccount inconsistencies jmlrt/helm-charts
4 participants
@ebuildy @jmlrt @framsouza @mdnfiras