Alex Bain
04/28/2022, 12:48 AMv1.0.0
that have partially broken the kubernetes_service_account
, i.e. some of our workflows are executing with the declared service account and some are just executing with default
. I'm still working on debugging it.flytectl get execution --admin.endpoint avflyteadmin.pdx.l5.woven-planet.tech:443 -p avexampleworkflows -d dev atbnkl5564m49swgmqxk --output yaml
...
securityContext:
runAs:
k8sServiceAccount: avexampleworkflows
securityContext:
runAs:
k8sServiceAccount: default
spec:
annotations: {}
authRole:
kubernetesServiceAccount: avexampleworkflows
but it is ending up as default
in the executionflytekit==0.23.0b1
is just too old. The workflows using default
are using that flytekit
version. Workflows picking up the correct service account are using a newer version of flytekit
. Working on confirming this...flytekit
versioning issue. @katrina the issue is that in new Admin version when users run flyte-cli register-files
now --output-location-prefix
is required in order for ----kubernetes-service-account
to actually take effect.Prafulla Mahindrakar
04/28/2022, 5:17 AMkatrina
now --output-location-prefix is required in order for ----kubernetes-service-account to actually take effect.
Alex Bain
04/28/2022, 5:24 PMflyte-cli register-files --kubernetes-service-account <accountName>
my task pods no longer run with the declared service account (they run with "default") unless you also pass --output-location-prefix--kubernetes-service-account <accountName>
alone was good enough.katrina