Service Account

In Kuberenetes Service Accounts are a way to manage and control access to resources within a Kubernetes cluster.

In TrueFoundry, Service Accounts can be used to give Applications IAM Principal level permissions and access without having to use any tokens or other ways.

Creating a Service Account

1. Click on the Workspace tab on the left panel of the platform.
2. Select the workspace where you want to add the Service Account.
3. Enable the Show advanced fields toggle.
4. Navigate to the Service Accounts section, and enable the toggle
5. Click on + Add Service Accounts
6. Enter the necessary details

Configuring Service Accounts for your Application

You can configure service accounts for your applications using different methods:

• Via the User Interface (UI)
• Via the Python SDK
• Via the CLI

Via the User Interface (UI)

1. In the Deployment Form locate the Show advanced fields toggle button at the very bottom.

2. Now you will be able to the see the Service Account Section

3. From the dropdown select the Service Account you want to attach to this applications

Via the Python SDK

In your Service deployment code deploy.py, include the following:

from servicefoundry import Build, Job, Service, PythonBuild

job = Job(  # or a Service
    name="iris-train-job",
    image=Build(
        build_spec=PythonBuild(
            command="python train.py",
            requirements_path="requirements.txt",
        )
    ),
    service_account="<service account>"
)
job.deploy(workspace_fqn="...")

Via the CLI

In your Service deployment configuration servicefoundry.yaml, include the following:

name: iris-train-job
type: job  # or a Service
image:
  type: build
  build_source:
    type: local
  build_spec:
    type: tfy-python-buildpack
    command: python train.py
    python_version: '3.9'
    requirements_path: requirements.txt
    build_context_path: ./
service_account: "<service_account>"
trigger:
  type: manual
resources:
  ...