# flyte-deployment
g
Hello team, I'm trying to deploy flyte-binary chart and configure it so it uses only one service account in one namespace. Tried multiple approaches but I can't make it work. Would you suggest what configuration I should use to achieve that? Is this even possible?
a
Hey @gifted-yak-26115 so, you need that all executions run on a single K8s namespace using a particular Service Account?
g
Yes, this is exactly what I'm after! I think I figured half of the configuration out, using this config snippet:
```yaml
...
configuration:
  inline:
    flyteadmin:
      k8sServiceAccount: <my-service-account>
...
```
I'm still struggling with using just one namespace though 😕
a
you can set the following to instruct propeller to execute only on a particular ns:
```yaml
configuration:
  inline:
    namespace_mapping:
      template: "my_namespace"
```
g
Thank you! I think I used `namespace_mapping` before but maybe I didn't place it in the right section 🤔
a
when you test it, please let us know if that works
g
deployment is in progress 🤞
Hmm it seems the workload was indeed executed in the desired namespace! 🎉 However, something's still trying to use some service account from <my-namespace>-development namespace. Do you have any clue what that could be? (and how to force it to use the correct namespace?)
Huh, this behaviour disappeared now.. perhaps I was hitting the old instance... Huge thanks @average-finland-92144! You helped me so much!
I'd love to offer some feedback on the docs though, I was really missing one place that would explain configuration accepted by flyte-binary app. I know there's this page but it only goes section by section and the fact there are subsections having the same name as the parent sections doesn't help either 😛 I think a full reference configuration would help a lot!
a
> Do you have any clue what that could be? (and how to force it to use the correct namespace?)

by default every execution will use the `default` KSA in each ns, you can imperatively register and run under a specific KSA, for example, with `pyflyte run --service-account`
that `k8sServiceAccount` setting is for the FlyteAdmin pod itself AFAICT
and yeah, agree on the docs issue, reference configs are always biased but enhancing explanations could help. If you could draft an idea in a PR we can iterate on it to make it better 🙂
g
I'll try to set some time aside for this, yes 🙂
Oh there's just one more thing, I thought it would be resolved when using just one namespace but apparently not. When submitting workflow, some objects are pushed to s3 by flyte. While I have set both metadata and user data containers to a specific location with this:
```yaml
storage:
  metadataContainer: <my-bucket>/<my-prefix>
  userDataContainer: <my-bucket>/<my-prefix>
```
... I still see some objects getting written to `s3://<my-bucket>/<project>`, omitting `<my-prefix>` part. I could find some clues in the documentation however after trying them all out nothing really did the trick. I'd appreciate some help here 🙏
g
What I was trying to do felt a bit on the edge of what's supported so in the end I just created another bucket, reserved just for flyte. But thank you for the hint 🙂
a
Got it, thanks for confirming