Service Account
In Kuberenetes Service Accounts are a way to manage and control access to resources within a Kubernetes cluster.
In TrueFoundry, Service Accounts can be used to give Applications IAM Principal level permissions and access without having to use any tokens or other ways.
Creating a Service Account
- Click on the
Workspacetab on the left panel of the platform. - Select the workspace where you want to add the
Service Account. - Enable the
Show advanced fieldstoggle. - Navigate to the
Service Accountssection, and enable the toggle - Click on
+ Add Service Accounts - Enter the necessary details
Configuring Service Accounts for your Application
You can configure service accounts for your applications using different methods:
- Via the User Interface (UI)
- Via the Python SDK
- Via the CLI
Via the User Interface (UI)
- In the Deployment Form locate the Show advanced fields toggle button at the very bottom.
- Now you will be able to the see the Service Account Section
- From the dropdown select the Service Account you want to attach to this applications
Via the Python SDK
In your Service deployment code deploy.py, include the following:
from servicefoundry import Build, Job, Service, PythonBuild
job = Job( # or a Service
name="iris-train-job",
image=Build(
build_spec=PythonBuild(
command="python train.py",
requirements_path="requirements.txt",
)
),
service_account="<service account>"
)
job.deploy(workspace_fqn="...")
Via the CLI
In your Service deployment configuration servicefoundry.yaml, include the following:
name: iris-train-job
type: job # or a Service
image:
type: build
build_source:
type: local
build_spec:
type: tfy-python-buildpack
command: python train.py
python_version: '3.9'
requirements_path: requirements.txt
build_context_path: ./
service_account: "<service_account>"
trigger:
type: manual
resources:
...
Updated 2 days ago