potiuk opened a new pull request #11131: URL: https://github.com/apache/airflow/pull/11131
Webserver did not have a Kubernetes Service Account defined and while we do not strictly need to use the service account for anything now, having the Service Account defined allows to define various capabilities for the webserver. For example when you are in the GCP environment, you can map the Kubernetes service account into a GCP one, using Workload Identity without the need to define any secrets and performing additional authentication. See more at https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity and then have that GCP service account get the permissions to write logs to GCS bucket. Similar mechanisms exist in AWS and it also opens up on-premises configuration. Co-authored-by: Jacob Ferriero <[email protected]> --- **^ Add meaningful description above** Read the **[Pull Request Guidelines](https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst#pull-request-guidelines)** for more information. In case of fundamental code change, Airflow Improvement Proposal ([AIP](https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+Improvements+Proposals)) is needed. In case of a new dependency, check compliance with the [ASF 3rd Party License Policy](https://www.apache.org/legal/resolved.html#category-x). In case of backwards incompatible changes please leave a note in [UPDATING.md](https://github.com/apache/airflow/blob/master/UPDATING.md). ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
