What permission do the Kubernetes Service account ...
# ask-community
s
What permission do the Kubernetes Service account need to run flows as k8s jobs ? We use argo cd and i have created a role to create jobs. Looks like it’s trying to get cluster namespaces as well
1
j
Hi @Sivanandha Rajadurai, the worker should only need these permissions:
Copy code
- apiGroups: [""]
  resources: ["pods", "pods/log", "pods/status"]
  verbs: ["get", "watch", "list"]
- apiGroups: ["batch"]
  resources: ["jobs"]
  verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
however, on install the worker does attempt to query the
kube-system
namespace and grab its UUID. If you don’t want to allow that - you can specify any UUID to use on the workers configuration under container environment variables like so:
Copy code
- name: PREFECT_KUBERNETES_CLUSTER_UID
  value: "UUID_HERE"
s
Yup thanks.
m
what is the purpose of getting this uuid?
j
Hi Marty - this is the PR where it was introduced and does a good job explaining what we use it for