Hampus Rosvall

    Hampus Rosvall

    5 months ago
    Hi, a few questions regarding permissions and configuration: • What is the preferred way to provide identities for task Pods? Would you specify IAM Role in Launch Plan, or provide an Service Account in the
    flyte.config
    ? • Is it best practice to assign a SA/IAM role for each task, or reuse the same identity on a workflow basis? • What should be configured in
    flyte.config
    vs
    ~/.flyte/config.yaml
    ?
    Samhita Alla

    Samhita Alla

    5 months ago
    Hello @Hampus Rosvall! 1. Both are identical. Providing an IAM role in
    flyte.config
    is kinda general, whereas IAM role for a specific launch plan is helpful if you want to override the value in
    flyte.config
    or the default value. 2. I think it’d be nice to have an IAM role per project-domain. You can also have it per workflow; it depends on the use case. Task should be ok, too. I might have to ask @Prafulla Mahindrakar or @Yuvraj to chime in here. 3.
    flyte.config
    holds the configuration for FlyteRemote or the execution-related parameters (e.g., https://github.com/flyteorg/flytelab/blob/main/templates/basic/%7B%7Bcookiecutter.project_name%7D%7D/dashboard/remote.config) and
    ~/flyte/config.yaml
    is for Flytectl. We’re revamping this flow where
    flyte.config
    is no more required; the release with these changes should be out very soon!
    p

    Prafulla Mahindrakar

    5 months ago
    For 2. Per project-domain level IAM role / Service account is coming in new release .