Jan Fiedler
03/07/2023, 12:52 PM
flyte-user-roles for accessing stuff in their account. What is currently happening when following the official documentation is that after exchanging secret, token and adjusting the cluster config on the control plane, the data-plane retrieves all the namespaces, quotas and Service Accounts from the control plane (which are created by the cluster_resource_manager i guess). This leaves me with default Service Accounts in the data-plane for all the projects/domains where the flyte-user-role of the control plane is annotated. Obviously i want the flyte-user-roles of the data-planes in there, which are completely unused so far in my setup.
One way would be to just replace the default Service Account annotation with the correct flyte-user-role in the project/domains i need them. Is there a better or correct way of doing this?
Samhita Alla
Jan Fiedler
03/09/2023, 10:37 AM
kubectl annotate serviceaccount -n $FLYTE_PROJECT_NAME-$domain default eks.amazonaws.com/role-arn=arn:aws:iam::$ACCOUNT_ID:role/$FLYTE_USER_ROLE --overwrite
Still happy to hear if there is a correct way of doing this 🙂