Feature request: Annotations for serviceAccounts

[chrispsplash]

We, as most EKS users do, rely on IRSA roles to grant cloud perms to K8s apps. An annotation on the serviceAccount is required to link the running app to an IAM role.

It would be lovely to have this serviceAccountAnnotations feature so EKS users can migrate from the datadog Helm chart to the excellent datadog-operator 🙏

Additional environment details (Operating System, Cloud provider, etc): AWS, EKS, K8s 1.20

[EdwardOlmos]

I've come across this issue as well and implementing this feature will improve my current workflow for getting the Datadog Operator to work on EKS.

I believe many other users would also benefit from this enhancement, so it would be fantastic to see it implemented in the Operator. Thanks again for raising this, and fingers crossed that the Datadog team takes it into consideration for future updates!

[bkalcho]

+1

This is very important feature, as it is crucial when enabling external checks. It should be given higher priority. Also check if feasible implementation of support for EKS Pod Identities as it is replacement for IRSA. Some of requirements for EKS Pod Identities: https://docs.aws.amazon.com/eks/latest/userguide/pod-id-minimum-sdk.html

[choco-nishant]

+1

This feature is also essential for us from a security perspective to enable Database Monitoring with AWS RDS. Currently, we have to use a username and password, but having this feature will help us use IAM authentication.