Skip to content

Flux Access SA Quick Fix - Service Account Setup

DodaTech Updated 2026-06-26 1 min read

Flux service accounts provide identity for controller pods and automated operations. Misconfigured service accounts cause authentication failures or missing cloud provider permissions. This guide covers the fix.

Quick Fix

Wrong

apiVersion: v1
kind: ServiceAccount
metadata:
  name: kustomize-controller
  namespace: flux-system

The issue: no imagePullSecrets for private registry access, and no annotations for cloud IAM integration. The service account cannot pull images from private registries or assume cloud roles.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: kustomize-controller
  namespace: flux-system
  annotations:
    eks.amazonaws.com/role-arn: "arn:aws:iam::123456789012:role/flux-controller"
imagePullSecrets:
- name: registry-credentials
# Expected output after applying the fix
# ServiceAccount created with EKS IAM role annotation
# Image pull secret allows private registry access
# Cloud IAM role assumed for AWS resource operations
# Flux pods authenticate correctly

Prevention

  • Add cloud IAM role annotations for AWS/GCP/Azure integrations
  • Configure imagePullSecrets for private registry authentication
  • Use separate service accounts for different Flux controllers
  • Bind appropriate RBAC roles to each service account
  • Verify service account with kubectl describe sa <name>

DodaTech Tools

Doda Browser's service account manager shows SA bindings and permissions. DodaZIP archives SA configurations for security audit. Durga Antivirus Pro validates SA annotations.

FAQ

What is the purpose of the AWS IAM role annotation on service accounts?

The annotation eks.amazonaws.com/role-arn enables IRSA (IAM Roles for Service Accounts), allowing the pod to assume an IAM role for AWS API access. ||| Can I use multiple imagePullSecrets on a service account? Yes, list multiple secrets in imagePullSecrets. Flux controllers can pull from multiple private registries with different credentials. ||| How do Flux service accounts relate to RBAC? Each Flux controller has its own service account. RBAC roles are bound to these service accounts to grant specific permissions for resource management.

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro