Skip to main content

Documentation Index

Fetch the complete documentation index at: https://astronomer-preview.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

In Astro Private Cloud, you can disable automatic creation of Service Accounts (SA), and use a pre-created service account. When you do this, you can either define service accounts manually, or use a service account creation template. Using a pre-created service account, Organizations can create service accounts using a central authority or system, without granting Astro Private Cloud similarly elevated permissions.

Step 1: Create a service account template

Use the registry template to create a service account template. The following examples use a service account saved with the name, custom-sa.

Step 2: Disable automatic service account creation

  1. Disable Astronomer from creating Roles, RoleBindings, and other SAs in the namespace by setting the global config rbacEnabled and serviceAccount.create to false globally:
global:
  rbacEnabled: false
  serviceAccount:
    create: false
  1. You must also set serviceAccount.create to false for each component that will use a custom SA: commander, configsyncer, houston, and houston-worker.
global:
  dagOnlyDeployment:
    enabled: true
    serviceAccount:
      create: false
astronomer:
  airflowChartVersion: <your-airflow-chart-version>
  houston:
    config:
      deployments:
        helm:
          airflow:
            rbac:
              create: false

            scheduler:
              serviceAccount:
                create: false

            flower:
              serviceAccount:
                create: false

            apiServer:
              serviceAccount:
                create: false

            triggerer:
              serviceAccount:
                create: false

            pgbouncer:
              serviceAccount:
                create: false

            migrateDatabaseJob:
              serviceAccount:
                create: false

            statsd:
              serviceAccount:
                create: false
            redis:
              serviceAccount:
                create: false

            cleanup:
              serviceAccount:
                create: false

            workers:
              serviceAccount:
                create: false

Step 3: Apply the config change

Then apply the config change.