Hola! I have deployed argo-workflows on our EKS cluster using the helm chart with these values (omitting ingress and auth here, I can access the ui without problem):

fullnameOverride: ai-argowf

controller:
  serviceAccount:
    create: true
    name: argo-controller
  workflowNamespaces:
    - default
    - argo
    - metaflow
  name: controller

server:
  serviceAccount:
    create: true
    name: argo-server-admin

I have now a namespace called

argo

and a

serviceaccount

for each the controller and the server (created with the helm chart). I also have another namespace named

metaflow

with a service accoung called

metaflow

that I use to run metaflow

--with kubernetes

. If I want to create an argo workflow

--with retry argo-workflows create

I get an error:

Argo Client error:
    <http://workflowtemplates.argoproj.io|workflowtemplates.argoproj.io> "sportbasicsdatagenerationflow" is forbidden: User "system:serviceaccount:metaflow:metaflow" cannot get resource "workflowtemplates" in API group "<http://argoproj.io|argoproj.io>" in the namespace "argo"

I have tried changing the service account value to use the argo service account: I have tried in the

@kubernetes

decorator, in the

config file

and using

METAFLOW_KUBERNETES_SERVICE_ACCOUNT=the_svsacct

in the cli but that does not change the value of the service account and I get the same error. Should I add all the permisions in the role binded to the metaflow service account or is there a way to use different service accounts?