-
Notifications
You must be signed in to change notification settings - Fork 105
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RBAC to launch as different service account #142
Comments
Hey @dmerrick! 👋🏻 Something like
My hunch is that Couler works on the deployment because the |
@dmerrick did the above help, by any chance? |
Unfortunately not, but it was still helpful. We ended up converting the Workflow to YAML and submitting it as a k8s object instead of going through the Argo API |
We have a web service that launches Argo jobs. We have it working with Couler but are having trouble with Hera. I think we're having a similar issue to this, but the solution isn't the same.
Basically our webservice runs as a deployment in
example
as service accountexample
. We have anargo-workflows
service account in namespaceexample
that has all of the necessary RBAC permissions.Unfortunately, when we run
get_sa_token()
(as suggested in your examples) we run into an unauthorized error. The full error looks like this:I take this to mean that the
example:example
service account is unable to access the secret for theargo-workflows:example
service account. What would we need to do to allow the deployment service account to launch jobs as the argo-workflows service account?Thanks!
The text was updated successfully, but these errors were encountered: