Hello, We have installed the metaflow service in our GCP Kubernetes cluster (https://github.com/outerbounds/metaflow-tools/tree/master/k8s/helm/metaflow). Then we created a GCP service account (metaflow-metaflow-service) and we gave it all the required permissions for accessing storage objects (Storage Object Admin) and we used that via setting the env variable

METAFLOW_KUBERNETES_SERVICE_ACCOUNT=metaflow-metaflow-service

. Then, we used that env var

METAFLOW_DATASTORE_SYSROOT_GS=<gs://metaflow-storage>

to define our GCP bucket. Now, when we are running the HelloCloudFlow script (python hello.py run) with the

@kubernetes

annotation, a new pod is being spawned in our cluster that uses the above-mentioned service account (we have checked it by describing the pod) but we are getting this error:

Caller does not have storage.objects.get access

. How else can we authorize that spawned job pod to have access to our GS bucket if the service account itself doesn’t work? We cannot find any other information regarding this issue in the metaflow docs. Thanks