In Kuberenetes Service Accounts are a way to manage and control access to resources within a Kubernetes cluster.
In TrueFoundry, Service Accounts can be used to give Applications IAM Principal level permissions and access without having to use any tokens or other ways.
- Click on the
Workspacetab on the left panel of the platform.
- Select the workspace where you want to add the
- Enable the
Show advanced fieldstoggle.
- Navigate to the
Service Accountssection, and enable the toggle
- Click on
+ Add Service Accounts
- Enter the necessary details
You can configure service accounts for your applications using different methods:
- Via the User Interface (UI)
- Via the Python SDK
- Via the CLI
- In the Deployment Form locate the Show advanced fields toggle button at the very bottom.
- Now you will be able to the see the Service Account Section
- From the dropdown select the Service Account you want to attach to this applications
In your Service deployment code
deploy.py, include the following:
from servicefoundry import Build, Job, Service, PythonBuild job = Job( # or a Service name="iris-train-job", image=Build( build_spec=PythonBuild( command="python train.py", requirements_path="requirements.txt", ) ), service_account="<service account>" ) job.deploy(workspace_fqn="...")
In your Service deployment configuration
servicefoundry.yaml, include the following:
name: iris-train-job type: job # or a Service image: type: build build_source: type: local build_spec: type: tfy-python-buildpack command: python train.py python_version: '3.9' requirements_path: requirements.txt build_context_path: ./ service_account: "<service_account>" trigger: type: manual resources: ...
Updated 2 days ago