Jan Fiedler03/07/2023, 12:52 PM
for accessing stuff in their account. What is currently happening when following the official documentation is that after exchanging secret, token and adjusting the cluster config on the control plane, the data-plane retrieves all the namespaces, quotas and Service Accounts from the control plane (which are created by the
i guess). This leaves me with default Service Accounts in the data-plane for all the projects/domains where the
of the control plane is annotated. Obviously i want the
of the data-planes in there, which are completely unused so far in my setup. One way would be to just replace the default Service Account annotation with the correct flyte-user-role in the project/domains i need them. Is there a better or correct way of doing this?
Jan Fiedler03/09/2023, 10:37 AM
Still happy to hear, if there is correct way of doing this 🙂
kubectl annotate serviceaccount -n $FLYTE_PROJECT_NAME-$domain default <http://eks.amazonaws.com/role-arn=arn:aws:iam::$ACCOUNT_ID:role/$FLYTE_USER_ROLE|eks.amazonaws.com/role-arn=arn:aws:iam::$ACCOUNT_ID:role/$FLYTE_USER_ROLE> --overwrite