[GitHub] [airflow] dberzano commented on issue #16881: Re-deploy scheduler tasks failing with SIGTERM on K8s executor

Fri, 03 Sep 2021 07:59:50 -0700 


dberzano commented on issue #16881:
URL: https://github.com/apache/airflow/issues/16881#issuecomment-912603049


   OK, let me retract - our problem was, seemingly, different. The 
`serviceaccount` provided to the scheduler was not bound to roles containing 
the verb `patch` for the `pod` kind... so the issue is solved for us.
   
   @rodrigo-morais maybe it was the same issue for you, not sure. Apologies in 
advance for the noise, but let me share in case it helps you - In our case, the 
scheduler's error message contained the following failed attempt to adopt pods 
on the new scheduler's startup:
   
   ```
   2021-09-03 13:31:57,269] {kubernetes_executor.py:663} INFO - attempting to 
adopt pod verylongpodname.37909dcabdcfe4598967b725b12ef92c
   [2021-09-03 13:31:57,278] {kubernetes_executor.py:681} INFO - Failed to 
adopt pod verylongpodname.37909dcabdcfe4598967b725b12ef92c. Reason: (403)
   Reason: Forbidden
   HTTP response headers: HTTPHeaderDict({'Audit-Id': 
'aaaaaaaa-aaaa-aaaa-1111-bbbbbbbbbbbb', 'Cache-Control': 'no-cache, private', 
'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff', 
'Date': 'Fri, 03 Sep 2021 13:31:57 GMT', 'Content-Length': '501'})
   HTTP response body: 
{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"pods
 \"verylongpodname.37909dcabdcfe4598967b725b12ef92c\" is forbidden: User 
\"system:serviceaccount:ournamespace:ourserviceaccount\" cannot patch resource 
\"pods\" in API group \"\" in the namespace 
\"ournamespace\"","reason":"Forbidden","details":{"name":"verylongpodname.37909dcabdcfe4598967b725b12ef92c","kind":"pods"},"code":403}
   ```
   
   We've edited the `role` resource (check with `kubectl get role`) by adding 
the `patch` verb to the `pods` kind, which was missing as the error message 
said quite clearly indeed.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to