Hi! I want to make creating Project with a certain default IAM role with less friction. My understanding is like this(excluding Domain for simplicity): 1-

cluster_resource_manager.templates

helm value contains all the default k8s resources for a namespace(including namespace itself and ServiceAccount which we use to specify an IAM role) 2- We can specify a default IAM role for the ServiceAccounts. 3- User creates a project using

flytectl create project

4- flyteadmin creates namespace, serviceaccount and all other resoruces under

cluster_resource_manaager.templates

helm value. Our projects need different default IAM roles and we want our users to not have to go to the created namespace and create a ServiceAccount then specify it for each execution. So, is there any way to create projects with different default IAM roles/ServiceAccounts?

Cc @icy-agent-73298 can you help answer this. But, FlyteAdmin supports creating per project/domain defaults like service account, task resources etc The new Ui also shows it

Currently we support project-domain level defaults that you can configure using flytectl workflow-execution-config https://docs.flyte.org/projects/flytectl/en/latest/gen/flytectl_update_workflow-execution-config.html the doc explains how to add this

When we have these attributes at the project level in future, one must still create the k8s service account manually in each “$project-$domain” k8s namespace. Would it be possible in future to create service account(with given iam role) implicit with namespace creation as well?

@blue-ice-67112 we have purposely stayed away from creating the service account as tbh I believe in most companies Iam roles provisioning is very restricted. I don't know if this falls in flytes charter

@icy-agent-73298 having these attributes project-level sounds good