Multi node helm chart service account issue

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
OS: 2.10
OD: 2.10

Describe the issue:
I deployed the opensearch as multi node cluster with 3 master and 2 data nodes, by following the below url instruction

the cluster is up and running.

kubectl get po -n opensearch
opensearch-cluster-data-0 1/1 Running 0 138m
opensearch-cluster-data-1 1/1 Running 0 138m
opensearch-cluster-master-0 1/1 Running 0 140m
opensearch-cluster-master-1 1/1 Running 0 140m
opensearch-cluster-master-2 1/1 Running 0 140m
opensearch-dashboard-dcd7ffbd6-lfvlf 1/1 Running 0 131m

but the actual issue is the service account which used to authenticate with gcs bucket is not working.

it throws 403 permission error.

if i go with usual cluster setup the SA works fine.

create: true
serviceAccountAnnotations: {“”: “”}
serviceAccountName: “opensearch-dashboards”

i tried different approach like.

  • enabled rbac only for master node
  • enabled rbac only for data node
  • enabled rbac for both master and data node.

Relevant Logs or Screenshots:

but still i face the permission error. did anyonce came across this issue.

Thanks in advance.

@arun_udaiyar I never worked with user workload identity. However, have you tried to configure it this way?

  create: true
  serviceAccountName: opensearch-dashboards