https://flyte.org logo
Powered by
#ask-the-community
Title
# ask-the-community
b

Brian Tang

04/19/2023, 7:33 AM
hi all - i recently deployed flyte into EKS (single cluster) and configured the 
serviceaccount
being used by my task as 
trainer-service
. however, it’s not being applied to the pod. is this a bug, or am i missing something? the service account used by the pod still remains as 
default
. my current pod template:
Copy code
@task(
    requests=Resources(cpu="250m", mem="512Mi"),
    pod_template=PodTemplate(
        pod_spec=V1PodSpec(
            service_account_name="trainer-service",
            containers=[],
            tolerations=...
)
i can confirm it’s being passed into the task details
but it’s not actually being assumed by the pod:
Copy code
$ k describe po -n flytesnacks-development fbb3d31dbf5a94eb58eb-n0-0
Name:             fbb3d31dbf5a94eb58eb-n0-0
Namespace:        flytesnacks-development
Priority:         0
Service Account:  default
Node:             <REDACTED>
Start Time:       Wed, 19 Apr 2023 14:59:04 +0800
Labels:           domain=development
                  execution-id=fbb3d31dbf5a94eb58eb
                  interruptible=false
                  node-id=n0
                  project=flytesnacks
                  shard-key=4
                  task-name=core-flyte-basics-hello-world-say-hello
                  workflow-name=core-flyte-basics-hello-world-my-wf
Annotations:      <http://cluster-autoscaler.kubernetes.io/safe-to-evict|cluster-autoscaler.kubernetes.io/safe-to-evict>: false
                  <http://kubernetes.io/psp|kubernetes.io/psp>: eks.privileged
and in the workflow UI, it’s 
default
my current workaround was to annotate the 
default
service account with the IAM role. but i want to specify the serviceaccount to use within the task decorator
d

Dan Rammer (hamersaw)

04/19/2023, 3:37 PM
Hey @Brian Tang, this seems to be because we update the 
ServiceAccount
to always reflect that in the execution context, hence why you're seeing "default". In other logic we check if the 
ServiceAccount
is empty before updating it - which would maintain you're settings from the 
PodTemplate
. Would you mind filing an issue for this? [flyte-bug] I think the 
ServiceAccount
should be maintained, as you suggest - but want to spend a little time ensuring this doesn't cause regressions elsewhere.
s

Slackbot

04/19/2023, 3:37 PM
d

Dan Rammer (hamersaw)

04/21/2023, 2:15 PM
I created an issue to track this - https://github.com/flyteorg/flyte/issues/3613
7 Views
Powered by