https://flyte.org logo
Powered by
#flyte-deployment
Title
# flyte-deployment
m

Michael Tinsley

04/24/2023, 3:12 PM
2 questions I’ve got, I’m currently setting up Flyte for production… 1. I want to prepend all namespaces with 
flyte-
to better organise flyte namespaces. Is the correct/best way to do this by overriding the namespace in clusterResourceTemplates , for example,
Copy code
001_namespace.yaml: |
  apiVersion: v1
  kind: Namespace
  metadata:
    ~name: '{{ namespace }}'~
    name: 'flyte-{{ namespace }}'

... and for all other resource templates
Firstly will this approach work? Or is there a better way to do this? 2. And secondly, I think I asked this a few months ago and the answer was no at the time, but is there any way to set the default service account for workflow where that is not the 
default
k8s SA? Basically our security policy states the default service account should not be used . So I plan to annotate a non-default service account with the IAM role ARN, and ideally that account should be used by default
m

Mike Ossareh

04/24/2023, 3:22 PM
@Michael Tinsley IIRC the service account can be set to a non default service account. by annotating your task as detailed here: https://docs.flyte.org/projects/cookbook/en/latest/auto/integrations/kubernetes/pod/pod.html
Also, though I can't find a link for this right now, I do believe there is some way of setting a default pod spec for all tasks in a cluster; so we don't need to do it per 
@task
We've been planning to do this since we want to make use of the k8s downward api to control some env vars that control our code. Once I find the ticket with the details I'll post here.
m

Michael Tinsley

04/24/2023, 3:27 PM
Ah thank you for that - I see this page linked on the page you shared which looks like what you’re talking about?
m

Mike Ossareh

04/24/2023, 3:34 PM
full disclosure; we're running with the default serviceAccount, and we'd like to change that - but we haven't - so YMMV 🙂
3 Views
Powered by