Kubernetes Service Account Roles
Service Accounts
A service account is a type of non-human account that, in Kubernetes, provides a distinct identity within a cluster. Application Pods, system components, and entities inside and outside the cluster can use a specific ServiceAccount's credentials to identify as that ServiceAccount.
Service Account Roles
A Role is a set of permissions that can be assigned to a service account within a namespace. It defines what actions are allowed on which resources.
The Studio Helm chart creates all the necessary service accounts and roles for the Studio deployment by default. Details about these can be found in the serviceaccount.yaml files inside the Helm chart folder.
If you would like to create them on your own, the automated creation can be disabled by setting the create flag to false under the respective services in the values.yaml file.
If you choose to create to create them manually, please take a note of the below rules that needs to be enabled for the model training and model running services. The application would fail to train and run a model if these roles are not provided to the service accounts.