Hi, I’m trying to use the percona mongodb operator to deploy a basic mongodb cluster that backs up to s3, I’m using EKS with IRSA.
In order to use s3 as a backend I need to be able to do 2 things:
- I need to be able to define a service account with an eks annotation on the replica set that runs the backup sidecar. This is to allow my pods to ccorrectly assume an IAM role and have write permissions to my s3 bucket. Currently the replicaset uses the ‘default’ service account which appears to be created by the operator and there isn’t any configuration available to override its settings or define a new SA. I’ve tried modifying the backup.serviceAccountName field but that does not appear to modify the replicaset.
- The percona mongodb backup agent supports SSE (server side encryption via KMS) but this does not appear to be available to the operator config under backup
Is there any way around these 2 problems?