prefect icon indicating copy to clipboard operation
prefect copied to clipboard
verified publisher icon PrefectHQ

Add discussion of Prefect worker access to `kube-system` and alternatives to K8s guide

Open discdiver opened this issue 1 year ago • 0 comments

First check

  • [X] I added a descriptive title to this issue.
  • [X] I used GitHub search to find a similar request and didn't find it 😇

Describe the issue

Would be good to explain why Prefect worker needs access to kube-system and work arounds

From source code docs:

  There is no real unique identifier for a cluster. However, the `kube-system`
        namespace is immutable and has a persistence UID that we use instead.

        PREFECT_KUBERNETES_CLUSTER_UID can be set in cases where the `kube-system`
        namespace cannot be read e.g. when a cluster role cannot be created. If set,
        this variable will be used and we will not attempt to read the `kube-system`
        namespace.

Describe the proposed change

Add the above to the K8s guide doc and discuss

Alternatives to accessing via kube-system:

  • Setting variable: PREFECT_KUBERNETES_CLUSTER_UID
  • Helm chart for the worker accepts a value for clusterUid

Additional context

Somewhat related issue: #9851

discdiver avatar Jan 18 '24 17:01 discdiver