# flyte-deployment
h
Apparently, our Kubernetes setup (self-managed on AWS) does not support IAM roles for service accounts. I guess the system-role can be used via accesskey for storage. What is the recommended alternative to use the user-role for workflows? Inject a secret as default environment variable in the k8s plugin?
k
Multiple options I guess:
- Do it outside of Flyte, inject secret using your own webhook
- Use Flyte's global secret system - can be painful, as you have to add it
- Use default env var config, which will get injected all the time
- Use pod templates
h
Okay, thanks 🙏 Sounds like many options, probably going with the default env vars.
k
❤️
If you do find it useful, contribute a doc section - it might help the community
k
We're also on self-managed Kubernetes on AWS, haven't implemented this yet, but something we're looking into: https://github.com/jtblin/kube2iam
h
Oh cool, that looks interesting. I will forward that to our infra team. How do you use user-roles in your setup?
k
@Katrina P / @Hanno Küpers do not know if you tried - but at Lyft we used kiam (same as kube2iam in the past) - so the IAM role in launch form will pass it correctly - we should check the code. On a side note, these do not scale well.