This is an automated email from the ASF dual-hosted git repository.

jshao pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/gravitino.git


The following commit(s) were added to refs/heads/main by this push:
     new 47a005d50e [MINOR] fix(helm): add serviceAccountName to pod spec in deployment.yaml (#10573)
47a005d50e is described below

commit 47a005d50e8f700b77c5e76116ffc97cfb440a27
Author: Bharath Krishna <[email protected]>
AuthorDate: Mon Mar 30 02:32:36 2026 -0700

    [MINOR] fix(helm): add serviceAccountName to pod spec in deployment.yaml (#10573)
    
    Add serviceAccountName: {{ .Values.serviceAccountName | default "default" }} so the configured KSA (with WI annotation) is used.
    
    
    ### Why are the changes needed?
    
    The upstream chart had no serviceAccountName field in the pod spec,
    causing the pod to always run as the 'default' KSA regardless of the
    values file. This meant Workload Identity bindings on the gravitino KSA
    were silently ignored, resulting in 403s from GCS.
    
    ### Does this PR introduce _any_ user-facing change?
    
    no
    
    ### How was this patch tested?
    
    Test with helm deployment
---
 dev/charts/gravitino/templates/deployment.yaml | 1 +
 dev/charts/gravitino/values.yaml               | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/dev/charts/gravitino/templates/deployment.yaml 
b/dev/charts/gravitino/templates/deployment.yaml
index 1991be47ef..624ddde526 100644
--- a/dev/charts/gravitino/templates/deployment.yaml
+++ b/dev/charts/gravitino/templates/deployment.yaml
@@ -47,6 +47,7 @@ spec:
           {{- toYaml . | nindent 8 }}
           {{- end }}
     spec:
+      serviceAccountName: {{ .Values.serviceAccountName }}
       {{- with .Values.global.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
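Review bot: The added line `serviceAccountName: {{ .Values.serviceAccountName }}` does not match the commit message, which describes `{{ .Values.serviceAccountName | default "default" }}`. Without the fallback, a values override that sets the key to an empty string or null renders `serviceAccountName:` with no value, and the pod ends up on an account the operator did not explicitly choose, which is the silent behaviour this commit is meant to remove. Either add the `| default "default"` fallback the message promises, or fail rendering when the value is empty with `required`, and pipe the result through `quote` so an unusual name cannot be misparsed as YAML.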
diff --git a/dev/charts/gravitino/values.yaml b/dev/charts/gravitino/values.yaml
index ee81a583bc..7c7080346c 100644
--- a/dev/charts/gravitino/values.yaml
+++ b/dev/charts/gravitino/values.yaml
@@ -470,6 +470,10 @@ ingress:
 ##
 annotations: {}
 
+## Service account name for the Gravitino pod
+##
+serviceAccountName: default
+
 ## Deployment replicas
 ##
 replicas: 1
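Review bot: The new comment `## Service account name for the Gravitino pod` leaves out what the commit message says this setting is for. With `serviceAccountName: default` as the shipped value, a Workload Identity binding on a dedicated KSA is still ignored until the operator overrides this key, and nothing in these lines says that the named account must already exist in the release namespace or carry the WI annotation. Please extend the comment to state that the account has to be created and annotated separately (if that is the case for this chart) and that leaving it at `default` runs the pod under the namespace's default service account.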
