kubernetes: add support for setting job service accounts

## Description


Currently our Kubernetes scheduler doesn't have a way to specify a jobs service account. This means that the job only can use the permissions provided by the node IAM role. For multi-user clusters you want more fine-grained security controls so we should add a way to set the service account via a runopt.


## Detailed Proposal


Add a `serviceaccount` runopt to the scheduler:

```
torchx run -s kubernetes -c serviceaccount=myteam ...
```

or via `.torchxconfig`

```toml
[kubernetes]
serviceaccount=myteam
```

and it should add the service account to the spec

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


## Additional context/links



https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

kubernetes: add support for setting job service accounts #406

Description

Detailed Proposal

Additional context/links

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

kubernetes: add support for setting job service accounts #406

Description

Description

Detailed Proposal

Additional context/links

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions