hi how do I check the k8s configs for worker, simi...
# ask-community
v
hi how do I check the k8s configs for worker, similar to how I checked
prefect kubernetes manifest agent
? It says
... worker
isn't valid
n
hey @Vicky Kwan - you can check out the helm chart
v
Hi @Nate thanks for the link! I'm actually having a bigger problem: I don't know how to pass the service account into a k8s worker pool, so the deployment can use this service account to access the correct namespace. the error I'm hitting is:
then I wanted to check what/where is this service account
system:serviceaccount:prefect:prefect-worker
, because in the pool config page I only set the service account name to be
prefect-api-key
which is the exact service account that I passed into our helm chart
how can I check: 1. which service account is this pool really using, and if not correct, I'll update to the correct one, 2. what permission set looks like for this service account, if I need to override, should I do it over
role.extraPermissions
on the chart? I want to peek into the base permission set first and see what we need to update to
3. I don't quite get it why it's looking for
kube-system
while I specified a new namespace
prefect
?
n
if you go into
Edit
on your k8s work pool, you should see
and these should match your specifications in the helm chart to make sure your permissions work as expected
v
I tried that to match with the namespace and service account (on the org service accounts page right?) but still seeing the same error
n
your service account is called
prefect-api-key
?
seems like that would be the name of your k8s secret holding your api key
the service account in this context refers to the kubernetes service account - if you didnt configure yourself manually, i would leave it at the default on the helm chart and here on the work pool
v
thanks Nate! turned out we needed to explicitly set the
cluster.Uid
and I also found another similar thread in here somewhere