ArcGIS Enterprise on Kubernetes: offer option predefined service account

RiccardoKlinger

Currently we are deploying ArcGIS Enterprise on Kubernetes on our own dedicated OpenShift. Out of security concerns as well as polcies embedded in our orgaization we are not allowed to create user, service accounts and create role bindings.

Therefore a deployment was only possible by changing deployment scripts provided by Esri:

- change all Service Account names to a singe service account name already provided in our namespace / project in Openshift

- remove all parts where role bindings were altered or added (so-called RBAC related YAMLS)

Furthermore we needed to change the deployed stateful sets to use the pre-defined service accounts

I would like to suggest a switch in the config to either use the esri-defined role model or define a central pre-defined service account that has all the rights needed.

TrevorSeaton · ‎03-26-2025

Thank you Riccardo. We have been exploring this scenario but at this time there is not a timeframe for addressing it directly. We will reach out separately for more details from you.

RiccardoKlinger

This scenario is quite central for us, as it directly influences our decision on whether we can continue to use and expand our deployment of the software. Given the annual investment involved, having clarity on the roadmap for this capability would help us greatly in planning.

I’m very happy to share the full use case, the business impact, and why this feature is essential for us. Please feel free to reach out anytime — I’m available for a short call or to provide written details.

can you provide more details on the progress/roadmap?