Hi all, I deployed flyte on EKS with helm, using the latest docs. When flyte kicks off a task executor pod, it currently is getting the "default" role, which doesn't have the iam role annotation so therefor cannot access resources. The values applied in helm seem to be correct according to the docs, but this isn't being used by flyte. What could the problem be? The role exists in IAM, and the backend flyte pod (flyte-binary) is getting correctly linked to the IAM role via a different SA. helm get values:

configuration:
  inline:
    cluster_resources:
      customData:
      - production:
        - defaultIamRole:
            value: arn:aws:iam::<redacted>:role/flyte_user_role_staging
      - staging:
        - defaultIamRole:
            value: arn:aws:iam::<redacted>:role/flyte_user_role_staging
      - development:
        - defaultIamRole:
            value: arn:aws:iam::<redacted>:role/flyte_user_role_staging

describe pod shows it is using the default SA:

Name:             ap26hjbb7gbjdzc9fs94-n0-0
Namespace:        flytesnacks-development
Priority:         0
Service Account:  default

kubectl describe sa: (The default SA is not getting annotated)

Name:                default
Namespace:           flytesnacks-development
Labels:              <none>
Annotations:         <none>
Image pull secrets:  <none>
Mountable secrets:   <none>
Tokens:              <none>
Events:              <none>

@Guy Harel yes, I'm also finding this. Please add the following to your

values

file and then `helm upgrade`:

clusterResourceTemplates:
  inline:

    002_serviceaccount.yaml: |
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: default
        namespace: '{{ namespace }}'
        annotations:
          <http://eks.amazonaws.com/role-arn|eks.amazonaws.com/role-arn>: '{{ defaultIamRole }}'

Thank you @David Espejo (he/him)!! That worked, much appreciated 🙂