I'm using Kubeless on AWS EKS. While installing Kubeless, the installation has a manifest which has some CRDs and a deployment object. The deployment object has already a Service Account attached. I have created another Service Account in the kube-system namespace, which has some AWS IAM roles attached. I also want to attach this newly created Service Account used for IAM roles to the Kubeless deployment object by modifying the Kubeless manifest file.
I want to have 2 Service Accounts attached to the deployment object: One that comes with Kubeless and other for AWS IAM. Any help would appreciated. Thanks
This is not possible. If you look at the API documentation for
PodSpec v1 coreyou can see that serviceAccountName expects astringnot anarrayorobject. This is because using a ServiceAccount resource creates a 1:1 relationship between your pod and authentication against the API server.You will either need to:
Diversify your workload into multiple pods. Which with you can apply different service accounts.
Combine your service account capabilities into a single account and apply it exclusively to this pod.
I recommend #2.