From 131f0fe7554605c0a7f1e5fb604deb229241c54c Mon Sep 17 00:00:00 2001 From: Sooter Saalu <53571625+Soot3@users.noreply.github.com> Date: Wed, 6 Nov 2024 19:07:23 +0100 Subject: [PATCH] flyte needs permissions To utilize dask custom resources, permissions need to be granted to the flyte service account Signed-off-by: Sooter Saalu <53571625+Soot3@users.noreply.github.com> --- examples/k8s_dask_plugin/README.md | 46 ++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/examples/k8s_dask_plugin/README.md b/examples/k8s_dask_plugin/README.md index c5f6a02ed..e96ecd071 100644 --- a/examples/k8s_dask_plugin/README.md +++ b/examples/k8s_dask_plugin/README.md @@ -80,6 +80,52 @@ Ensure that your Kubernetes cluster has sufficient resources available. Depending on the resource requirements of your Dask job (including the job runner, scheduler and workers), you may need to adjust the resource quotas for the namespace accordingly. +:::{note} +When working with [Dask's custom resources](https://kubernetes.dask.org/en/latest/operator_resources.html#custom-resources), your Flyte service account needs explicit permissions. To that end, you need to create and bind a Cluster role. +::: + +##### Sample Cluster Role +>```yaml +>apiVersion: +>kind: ClusterRole +>metadata: +> name: dask-dask-kubernetes-operator-role-cluster +> labels: +> : Helm +> annotations: +> : dask +> : dask +>rules: +> - verbs: +> - list +> - watch +> apiGroups: +> - +> resources: +> - customresourcedefinitions +> - verbs: +> - get +> - list +> - watch +> - patch +> - create +> - delete +> apiGroups: +> - +> resources: +> - daskclusters +> - daskworkergroups +> - daskjobs +> - daskjobs/status +> - daskautoscalers +> - daskworkergroups/scale +>``` + +##### Binding command +```shell +kubectl create clusterrolebinding flyte-dask-cluster-role-binding --clusterrole=dask-dask-kubernetes-operator-role-cluster --serviceaccount= +``` + ### Resource specification It's recommended to define `limits` as this will establish the