Argo Workflow always using default serviceaccount

kubernetes kubernetes-helm argo-workflows argoproj

The Argo installation does not control which ServiceAccount Workflows use. According to the Argo docs,

When no ServiceAccount is provided [when the Workflow is submitted], Argo will use the defaultServiceAccount from the namespace from which it is run, which willalmost always have insufficient privileges by default.

If you are using the Argo CLI to submit Workflows, you can specify the ServiceAccount with --serviceaccount.

If you are using kubectl apply or some other tool to install Workflows, you can set the ServiceAccount name in the yaml definition. See an example from the documentation, or this abbreviated example:

apiVersion: argoproj.io/v1alpha1kind: Workflowspec:  serviceAccountName: some-serviceaccount

As a convenience, the Argo Helm chart provides a way to create a ServiceAccount with which to run your Workflows. But it does not actually cause your Workflows to use that ServiceAccount. You have to specify it when you submit the Workflow.

  serviceAccount:    create: false  # Specifies whether a service account should be created    annotations: {}    name: "argo-workflow"  # Service account which is used to run workflows  rbac:    create: false  # adds Role and RoleBinding for the above specified service account to be able to run workflows

CodeHunter

Argo Workflow always using default serviceaccount

Recent Posts

How can I color dots in a xy scatterplot according to column value?

How to update a claim in ASP.NET Identity?

What does {0} mean when initializing an object?

Accessing members of items in a JSONArray with Java

How to log SQL statements in Spring Boot?

Powershell Get-WebSite name parameter is ignored

How to detect scroll to bottom of html element

Java synchronized method

How to test controllers with CodeIgniter?

Detect Visual Composer

Matplotlib: Specify format of floats for tick labels

Rails join a list of strings with commas and "and" before the last