Bring your towel and join one of the fastest growing data communities. Welcome to our second-generation open source orchestration platform, a completely rethought approach to dataflow automation.

Prefect Community

What permission do the Kubernetes Service account need to run flows as k8s jobs ? We use argo cd and i have created a role to create jobs. Looks like it’s trying to get cluster namespaces as well

Hi <@U03CENB6B46>, the worker should only need these permissions:
```- apiGroups: [""]
  resources: ["pods", "pods/log", "pods/status"]
  verbs: ["get", "watch", "list"]
- apiGroups: ["batch"]
  resources: ["jobs"]
  verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]```

however, on install the worker does attempt to query the `kube-system` namespace and grab its UUID. If you don’t want to allow that - you can specify any UUID to use on the workers configuration under container environment variables like so:
```- name: PREFECT_KUBERNETES_CLUSTER_UID
  value: "UUID_HERE"```

what is the purpose of getting this uuid?

Hi Marty - <https://github.com/PrefectHQ/prefect/pull/7747|this> is the PR where it was introduced and does a good job explaining what we use it for