Channels
announcements
ask-marvin
best-practices-coordination-plane
data-ecosystem
data-tricks-and-tips
events
find-a-prefect-job
geo-bay-area
geo-berlin
geo-boston
geo-chicago
geo-colorado
geo-dc
geo-israel
geo-japan
geo-london
geo-nyc
geo-seattle
geo-texas
gratitude
introductions
marvin-in-the-wild
pacc-clearcover-june-12-2023
pacc-may-31-2023
ppcc-may-16-2023
prefect-ai
prefect-aws
prefect-azure
prefect-cloud
prefect-community
prefect-contributors
prefect-dbt
prefect-docker
prefect-gcp
prefect-getting-started
prefect-integrations
prefect-kubernetes
prefect-recipes
prefect-server
prefect-ui
random
show-us-what-you-got
Title
l
Lon Nix
10/15/2021, 3:11 PMI'm running prefect server in k8s so I have pods for all prefects pieces, pods for the k8s agents and then those pods are making pods for the flows. How do I control configuration of the flow pods? I would like to annotate them to grant IAM permissions. Do they get whatever the k8s agent has? Can I pass something from the agent to the flow pods?
a
Anna Geller
10/15/2021, 4:37 PMHi @Lon Nix, all of what you are describing seems to be configurable by using KubernetesRun run configuration. KubernetesAgent deploys flows as Kubernetes jobs and by using KubernetesRun you can configure a service account to use for each flow as needed.
When you say IAM, I assume you mean AWS, right? ๐ if so, AWS has some docs showing how to set up IAM roles for service accounts.
l
Lon Nix
10/15/2021, 4:40 PMgotcha. thanks. Is service account the only thing? We're not quite to the IAM roles for SA setup yet, we use kube2iam and annotations control access. could I use the
job_templatea
Anna Geller
10/15/2021, 4:40 PMAnd when it comes to passing something from the agent to the flow pods, itโs possible to pass certain things like environment variables when you start the agent - those should be available in flow pods as well:
prefect agent <AGENT TYPE> start --env KEY=VALUEYes, you can use the
job_templatejob_template_pathl
Lon Nix
10/15/2021, 4:49 PMawesome, thanks!
๐ 1