This is hopefully a very simple question. I'm following this https://github.com/unionai-oss/deploy-flyte/tree/main/environments/aws/flyte-core but I'm not seeing anyway to setup the serviceaccount / imagepullsecrets for the task pods. Is there an interface for that?

interesting question. cc @average-finland-92144 do you know?

@average-secretary-61436 I just tested adding an additional template with a different SA name, like:

- key: aac_other_service_account
      value: |
        apiVersion: v1
        kind: ServiceAccount
        metadata:
          name: otherthanthat
          namespace: {{ namespace }}
          annotations:
            <http://eks.amazonaws.com/role-arn|eks.amazonaws.com/role-arn>: {{ defaultIamRole }}

and the controller created and annotated the

otherthanthat

KSA on each project-domain namespace.

k get sa -n flytesnacks-production
NAME            SECRETS   AGE
default         0         10d
otherthanthat   0         2m22s

 k describe sa otherthanthat -n flytesnacks-development
Name:                otherthanthat
Namespace:           flytesnacks-development
Labels:              <none>
Annotations:         <http://eks.amazonaws.com/role-arn|eks.amazonaws.com/role-arn>: arn:aws:iam::<aws-account-id>:role/flyte-tftest01-flyte-worker

Does it look like what you need? ``````

Hey @average-finland-92144 - Yes. but how do you get the taskpod to reference that sa?

hm in that case, you'd need to use a PodTemplate where you customize the KSA. If this is for a single task, you could do something like

@task(
    pod_template=PodTemplate(
        pod_spec=V1PodSpec(
            service_account_name="my-ksa",
            containers=[],
        )
    )
)
def ...

that's perfect thank you!