# flyte-deployment

Hanno Küpers

11/01/2022, 8:27 AM
Apparently, our Kubernetes setup (self-managed on AWS) does not support IAM roles for service accounts. I guess the system-role can be used via `accesskey` for storage. What is the recommended alternative to use the user-role for workflows? Inject a secret as default environment variable in the k8s plugin?

Ketan (kumare3)

11/01/2022, 2:08 PM
Multiple options I guess:
- Do it outside of Flyte, inject secret using your own webhook
- Use Flyte's global secret system - can be painful, as you have to add it
- Use default env var config, which will get injected all the time
- Use pod templates

Hanno Küpers

11/01/2022, 2:50 PM
Okay, thanks 🙏 Sounds like many options, probably going with the default env vars.

Ketan (kumare3)

11/01/2022, 2:51 PM
❤️
If you do find it useful, contribute a doc section - it might help the community

Katrina P

11/01/2022, 9:17 PM
We're also on self-managed Kubernetes on AWS, haven't implemented this yet, but something we're looking into: https://github.com/jtblin/kube2iam

Hanno Küpers

11/02/2022, 9:55 AM
Oh cool, that looks interesting. I will forward that to our infra team. How do you use user-roles in your setup?

Ketan (kumare3)

11/02/2022, 1:18 PM
@Katrina P / @Hanno Küpers do not know if you tried - but at Lyft we used kiam (same as kube2iam in the past) - so the IAM role in launch form will pass it correctly - we should check the code. On a side note, these do not scale well.