For k8s agents do I need to use a service account for them Prefect Community #ask-community

Join Slack

For k8s agents, do I need to use a service account...

# ask-community

warmwaffles

09/24/2021, 7:08 PM

For k8s agents, do I need to use a service account for them?

warmwaffles

09/24/2021, 7:15 PM

Having a hard time looking at this agent deployment configuration and seeing •

PREFECT__CLOUD__AGENT__AUTH_TOKEN

•

PREFECT__CLOUD__API_KEY

•

PREFECT__CLOUD__TENANT_ID

•

SERVICE_ACCOUNT_NAME

Zanie

09/24/2021, 7:41 PM

SERVICE_ACCOUNT_NAME

is used to specify the K8s service account that the job should be submitted with

Zanie

09/24/2021, 7:41 PM

PREFECT__CLOUD__AGENT__AUTH_TOKEN

is legacy support for auth tokens, you should not need this unless you are running flows pre 0.15.x

Zanie

09/24/2021, 7:41 PM

PREFECT__CLOUD__API_KEY

is the API key for the Prefect Service Account / User that you want to use to run flows

warmwaffles

09/24/2021, 7:42 PM

Cool, so I can leave auth token blank then

Zanie

09/24/2021, 7:42 PM

PREFECT__CLOUD__TENANT_ID

is for if a user API key is used since it can span multiple tenants

warmwaffles

09/24/2021, 7:44 PM

@Zanie what is

IMAGE_PULL_SECRETS

warmwaffles

09/24/2021, 7:45 PM

sorry, I'm trying to set this up with kustomize and kubectl so I can deploy it easily in our environment

Tyler Wanner

09/24/2021, 7:45 PM

IMAGE_PULL_SECRETS are used to authenticate with private image repos

Tyler Wanner

09/24/2021, 7:46 PM

all k8s workloads have serviceaccounts, so if you don't specify one, the agent's jobs will spin up with the

default

serviceaccount

Tyler Wanner

09/24/2021, 7:47 PM

it is not important to worry about kubernetes serviceaccounts unless you have specific RBAC auth or security set up around them inside the cluster

warmwaffles

09/24/2021, 7:48 PM

ya nothing too crazy AFAIK. I play ops in my free time.

marvin 1

warmwaffles

09/24/2021, 7:48 PM

Just trying to replace celery

2 Views

Open in Slack

Previous Next