Hi! I want to make creating Project with a certa...
# ask-the-community
m
Hi! I want to make creating Project with a certain default IAM role with less friction. My understanding is like this(excluding Domain for simplicity): 1-
cluster_resource_manager.templates
helm value contains all the default k8s resources for a namespace(including namespace itself and ServiceAccount which we use to specify an IAM role) 2- We can specify a default IAM role for the ServiceAccounts. 3- User creates a project using
flytectl create project
4- flyteadmin creates namespace, serviceaccount and all other resoruces under
cluster_resource_manaager.templates
helm value. Our projects need different default IAM roles and we want our users to not have to go to the created namespace and create a ServiceAccount then specify it for each execution. So, is there any way to create projects with different default IAM roles/ServiceAccounts?
k
Cc @Prafulla Mahindrakar can you help answer this. But, FlyteAdmin supports creating per project/domain defaults like service account, task resources etc The new Ui also shows it
p
Currently we support project-domain level defaults that you can configure using flytectl workflow-execution-config https://docs.flyte.org/projects/flytectl/en/latest/gen/flytectl_update_workflow-execution-config.html the doc explains how to add this
You can use the get command to get the existing config or generate a sample one and apply using an update
We are currently working on proposal to have these attributes at the project level
m
When we have these attributes at the project level in future, one must still create the k8s service account manually in each “$project-$domain” k8s namespace. Would it be possible in future to create service account(with given iam role) implicit with namespace creation as well?
k
@Mücahit we have purposely stayed away from creating the service account as tbh I believe in most companies Iam roles provisioning is very restricted. I don't know if this falls in flytes charter
👍 1
m
@Prafulla Mahindrakar having these attributes project-level sounds good
146 Views