potiuk commented on issue #20408: URL: https://github.com/apache/airflow/issues/20408#issuecomment-998630997
> I followed all the steps in the Google docs for Workload Identity but am still having issues. I see that there are many K8s service accounts created by default by the Airflow Helm chart, but for Workload Identity you need to specify a single K8s service account to connect to a GCP service account. Which K8s service account does Airflow use? Are you able to shed more light on the role of all of the service accounts used/created by the Helm chart? It's not what "Helm Chart" does by default. If you are using K8S executor, then you can (and even should) define pod template https://airflow.apache.org/docs/apache-airflow/stable/executor/kubernetes.html#configuration and it will create you the PODs in the way and configuration that you specify. What you need to do is to create your POD template with all the necessary configuration for K8S. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
