[bitnami/elasticsearch] why serviceAccount.create is true if auto mount is disabled by default? #33467

Open
rmannibucau opened this issue May 6, 2025 · 4 comments
@rmannibucau
Contributor

Name and Version

elasticsearch/latest

What is the problem this feature will solve?

ServiceAccount(s) is (are) created by default but not mounted, so it looks like the defaults are not aligned

What is the feature you are proposing to solve the problem?

disable create toggle by default (set to false)

What alternatives have you considered?

configure it explicitly

@github-actions github-actions bot added the triage Triage is needed label May 6, 2025
@javsalgar javsalgar changed the title [elasticsearch] why serviceAccount.create is true if auto mount is disabled by default? [bitnami/elasticsearch] why serviceAccount.create is true if auto mount is disabled by default? May 7, 2025
@javsalgar
Contributor

Hi,

We prefer avoiding the use of the default service account as much as possible. Even though the mounting is disabled, let's imagine that a user wants to add a custom RBAC for special plugins. We prefer the user to set these special RBAC permissions on a different account from the default, so we avoid mounting the default SA token as much as possible.

@rmannibucau
Contributor Author

@javsalgar hmm, wouldn't it require a restart anyway, so it wouldn't be an issue? My current issue is that by default you need to set up an SA with more perms than used by the runtime, since you have to be able to deploy this SA.

@javsalgar
Contributor

If that's the case, you can set the *.serviceAccount.create values to false and it will use the default SA

@rmannibucau
Contributor Author

This is what I'm doing; it is just not a very neat experience as soon as you are not admin when deploying, and it doesn't have real usage gains in practice (the custom plugin is more an exception than a default IMHO, to make it clear).


2 participants