Michel Rouly
08/20/2021, 10:13 PMdagster-daemon
having an inability to assume IAM roles on k8s? More details in 🧵Michel Rouly
08/20/2021, 10:15 PMdagster-daemon
and dagster-user-code-deployment
pods. Both use the service account dagster
Michel Rouly
08/20/2021, 10:16 PMserviceAccount.annotations
set to the same IAM role:
<http://eks.amazonaws.com/role-arn|eks.amazonaws.com/role-arn>: arn:aws:iam::account_id:role/terraform/dagster
Michel Rouly
08/20/2021, 10:18 PMMichel Rouly
08/20/2021, 10:21 PMMichel Rouly
08/20/2021, 10:23 PMdagster
.
so.....even though the dagster-daemon
was using the correct user.....it was invoking the sensor in the user code deployment remotely. and since the user code deployment had the wrong user. it couldn't assume the role appropriately.Michel Rouly
08/20/2021, 10:23 PMjohann
08/23/2021, 1:18 PMMichel Rouly
08/23/2021, 2:36 PMMichel Rouly
08/23/2021, 2:38 PMnote
subsection at the end of that section.johann
08/23/2021, 2:39 PM