circle-check
Meet Soda 4.0 – Unlock Data Quality Automation |
Check the Announcementarrow-up-right
search

Upgrading from 1.2.x to 1.4.x+

hashtag
Customizable service accounts

Starting from version 1.4.0 there are some changes in how Soda Agent allows you to customize the used service accounts.

For more information, see the used service account customization section.

The introduction of customizable service accounts has the following effects.

hashtag
Introduction of new properties and deprecation of old properties in the Helm chart

The customization of service accounts is now possible for each workload individually. This means that we've deprecated the old soda.serviceAccount and nested properties in favor of the more fine grained settings: soda.agent.serviceAccount, soda.scanLauncher.serviceAccount and soda.contractLauncher.serviceAccount.

circle-exclamation

If you had some customization under soda.serviceAccount, please move it into the appropriate soda.agent.serviceAccount properties.

soda:
  agent:
    ## ServiceAccount configuration
    serviceAccount:
      ## @param soda.agent.serviceAccount.create Specifies whether a ServiceAccount should be created
      ##
      create: true
      ## @param soda.agent.serviceAccount.name The name of the ServiceAccount to use.
      ## If not set and create is true, a name is generated using the soda.fullname template
      name: ""
      ## @param soda.agent.serviceAccount.labels Additional Service Account labels
      ##
      labels: {}
      ## @param soda.agent.serviceAccount.annotations Additional Service Account annotations
      ##
      annotations: {}

  scanLauncher:
    ## ServiceAccount configuration
    serviceAccount:
      ## @param soda.scanLauncher.serviceAccount.create Specifies whether a ServiceAccount should be created
      ##
      create: true
      ## @param soda.scanLauncher.serviceAccount.name The name of the ServiceAccount to use.
      ## If not set and create is true, a name is generated using the soda.fullname template
      name: ""
      ## @param soda.scanLauncher.serviceAccount.labels Additional Service Account labels
      ##
      labels: {}
      ## @param soda.scanLauncher.serviceAccount.annotations Additional Service Account annotations
      ##
      annotations: {}

  contractLauncher:
    ## ServiceAccount configuration
    serviceAccount:
      ## @param soda.contractLauncher.serviceAccount.create Specifies whether a ServiceAccount should be created
      ##
      create: true
      ## @param soda.contractLauncher.serviceAccount.name The name of the ServiceAccount to use.
      ## If not set and create is true, a name is generated using the soda.fullname template
      name: ""
      ## @param soda.contractLauncher.serviceAccount.labels Additional Service Account labels
      ##
      labels: {}
      ## @param soda.contractLauncher.serviceAccount.annotations Additional Service Account annotations
      ##
      annotations: {}
  
  ### NOW NOT LONGER SUPPORTED
  ## serviceAccount:
  ##  labels: {}
  ##  # Annotations to add to the service account
  ##  annotations: {}
  ##  # The name of the service account to use.
  ##  name: "soda-agent"

hashtag
New default names for service accounts, roles and role bindings

When using the default settings, Soda will generate a ServiceAccount , Role and RoleBinding for you for each of the three workloads. These will all have a default name generated for them as well. This name will use the Helm "release name" (see the official Helm docsarrow-up-right for more information on this concept). The name of the ServiceAccount associated with the orchestrator workload is now different from its previous value.

Workload
Default name
Previous default name

orchestrator

{{.Release.Name}}-orchestrator

"soda-agent"

scan-launcher

{{.Release.Name}}-scan-launcher

contract-launcher

{{.Release.Name}}-contract-launcher

circle-exclamation

If you are currently using the name of the soda-agent service account, the associated role or role binding in your own templates or codebase, then either:

  • change that reference in your own code base OR

  • override the default service account name for the orchestrator by setting the soda.agent.serviceAccount.name property to "soda-agent".

circle-info

You are not logged in to Soda and are viewing the default public documentation. Learn more about Documentation access & licensing.

PreviousMore info about Soda's private container registryNextRedeploy Soda Agent

Last updated

Was this helpful?