Ken Leidal

    Ken Leidal

    4 days ago
    Hi all! I’m trying to set up Flyte in GCP, and I’m running into some trouble while going through the deployment manual. On this step:
    gcloud iam service-accounts add-iam-policy-binding --role "roles/iam.workloadIdentityUser" --member "serviceAccount:${PROJECT_ID}.svc.id.goog[flyte/flyteadmin]" gsa-flyteadmin@${PROJECT_ID}.<http://iam.gserviceaccount.com|iam.gserviceaccount.com>
    I’m getting:
    ERROR: (gcloud.iam.service-accounts.add-iam-policy-binding) INVALID_ARGUMENT: Identity Pool does not exist (${PROJECT_ID}.svc.id.goog). Please check that you specified a valid resource name as returned in the `name` attribute in the configuration API.
    (PROJECT_ID being redacted in my message, but it’s the actual PROJECT_ID in the real log message). Do I need to create the k8s cluster and enable workload identity pools on it before running this command? --- PS: reading this thread with @Armaan Goel, yeah it looks like there is a problem with the order in the deployment manual, and I’ll have to launch the GKE cluster first.
    Ketan (kumare3)

    Ketan (kumare3)

    4 days ago
    Cc @Eduardo Apolinario (eapolinario)
    Ken Leidal

    Ken Leidal

    4 days ago
    @Armaan Goel’s guide helped me get through it. Thanks! https://docs.google.com/document/d/1skJWmt3hJoIuPQr_RfR-gB9wlatVSIcSD5VlBylJqd8/edit
    Eduardo Apolinario (eapolinario)

    Eduardo Apolinario (eapolinario)

    4 days ago
    Amazing, thanks for documenting this, @Ken Leidal. We're revamping the deployment docs and I'll make sure to incorporate your contribution for the GPC one.
    Ken Leidal

    Ken Leidal

    4 days ago
    Thanks! It’s @Armaan Goel’s contribution though. Just wanted to give my to it, since I hit it again.
    Ketan (kumare3)

    Ketan (kumare3)

    4 days ago
    Thank you @Armaan Goel
    Armaan Goel

    Armaan Goel

    4 days ago
    No worries, glad it was helpful!