https://flyte.org logo
#flyte-deployment
Title
# flyte-deployment
g

Guy Harel

08/31/2023, 12:56 PM
Hi all, I deployed flyte on EKS with helm, using the latest docs. When flyte kicks off a task executor pod, it currently is getting the "default" role, which doesn't have the iam role annotation so therefor cannot access resources. The values applied in helm seem to be correct according to the docs, but this isn't being used by flyte. What could the problem be? The role exists in IAM, and the backend flyte pod (flyte-binary) is getting correctly linked to the IAM role via a different SA. helm get values:
Copy code
configuration:
  inline:
    cluster_resources:
      customData:
      - production:
        - defaultIamRole:
            value: arn:aws:iam::<redacted>:role/flyte_user_role_staging
      - staging:
        - defaultIamRole:
            value: arn:aws:iam::<redacted>:role/flyte_user_role_staging
      - development:
        - defaultIamRole:
            value: arn:aws:iam::<redacted>:role/flyte_user_role_staging
describe pod shows it is using the default SA:
Copy code
Name:             ap26hjbb7gbjdzc9fs94-n0-0
Namespace:        flytesnacks-development
Priority:         0
Service Account:  default
kubectl describe sa: (The default SA is not getting annotated)
Copy code
Name:                default
Namespace:           flytesnacks-development
Labels:              <none>
Annotations:         <none>
Image pull secrets:  <none>
Mountable secrets:   <none>
Tokens:              <none>
Events:              <none>
d

David Espejo (he/him)

08/31/2023, 3:13 PM
@Guy Harel yes, I'm also finding this. Please add the following to your
values
file and then `helm upgrade`:
Copy code
clusterResourceTemplates:
  inline:

    002_serviceaccount.yaml: |
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: default
        namespace: '{{ namespace }}'
        annotations:
          <http://eks.amazonaws.com/role-arn|eks.amazonaws.com/role-arn>: '{{ defaultIamRole }}'
g

Guy Harel

08/31/2023, 6:08 PM
Thank you @David Espejo (he/him)!! That worked, much appreciated 🙂
9 Views