Damian G created FLINK-20990:
--------------------------------
Summary: Service account property ignored for Kubernetes
Standalone deployment
Key: FLINK-20990
URL: https://issues.apache.org/jira/browse/FLINK-20990
Project: Flink
Issue Type: Bug
Affects Versions: 1.12.0
Environment: Created helm chart resources with following
documentation:
[https://ci.apache.org/projects/flink/flink-docs-release-1.12/deployment/resource-providers/standalone/kubernetes.html]
Reporter: Damian G
We're using Kubernetes Standalone solution to deploy Flink on Kubernetes
cluster.
The problem is that on 'production' environment the default service account is
restricted from creating configmaps. I added
_kubernetes.jobmanager.service-account_ property to flink-conf.yml to use
different service account, but the error still says that the 'default' service
account has no permission to create config maps. I'm trying to reproduce this
on my local Kubernetes cluster, so:
I'm creating ClusterRoleBinding for ClusterRole 'view' and assign it to
'flink-sa' service account in order to check if the creation of configmaps is
now impossible
In flink-conf.yaml I'm adding property _kubernetes.jobmanager.service-account:
flink-sa_
The cluster still creates configmaps and works correctly - meaning it doesn't
use read-only service account I provided for it.
Therefore I cannot change service account that Flink is using on 'production'
environment - it will always use the default one.
Shouldn't the option to configure which service account Flink deployment is
using work for both Native Kubernetes deployment and Standalone Kubernetes
deployment?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
