[
https://issues.apache.org/jira/browse/FLINK-20990?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matthias updated FLINK-20990:
-----------------------------
Component/s: Deployment / Kubernetes
> Service account property ignored for Kubernetes Standalone deployment
> ---------------------------------------------------------------------
>
> Key: FLINK-20990
> URL: https://issues.apache.org/jira/browse/FLINK-20990
> Project: Flink
> Issue Type: Bug
> Components: Deployment / Kubernetes
> Affects Versions: 1.12.0
> Reporter: Damian G
> Priority: Major
>
> We're using the Kubernetes Standalone solution to deploy Flink on a Kubernetes
> cluster. We created Helm chart resources following the documentation:
> [https://ci.apache.org/projects/flink/flink-docs-release-1.12/deployment/resource-providers/standalone/kubernetes.html]
> The problem is that in the 'production' environment the default service account
> is restricted from creating configmaps. I added the
> _kubernetes.jobmanager.service-account_ property to flink-conf.yml to use a
> different service account, but the error still says that the 'default'
> service account has no permission to create config maps. I'm trying to
> reproduce this on my local Kubernetes cluster, so:
> I'm creating a ClusterRoleBinding for ClusterRole 'view' and assigning it to
> the 'flink-sa' service account in order to check if the creation of configmaps
> is now impossible.
> In flink-conf.yaml I'm adding the property
> _kubernetes.jobmanager.service-account: flink-sa_
> The cluster still creates configmaps and works correctly - meaning it doesn't
> use the read-only service account I provided for it.
> Therefore I cannot change the service account that Flink is using in the
> 'production' environment - it will always use the default one.
> Shouldn't the option to configure which service account the Flink deployment
> is using work for both Native Kubernetes deployment and Standalone Kubernetes
> deployment?
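An added check, not part of the issue or of Flink's code: it compares the service account named in flink-conf with the one Kubernetes will actually assign to pods built from a Deployment manifest, which is the mismatch the report describes. It relies on Kubernetes taking the account from the pod template's `serviceAccountName` and falling back to `default` when it is unset; the manifest, the conf text and the helper names are constructed for illustration.

```python
import json

KEY = "kubernetes.jobmanager.service-account"

# Constructed sample inputs; all names and values are assumptions for illustration.
FLINK_CONF = """\
jobmanager.rpc.address: flink-jobmanager
kubernetes.jobmanager.service-account: flink-sa
"""
# Trimmed JobManager Deployment as JSON, with no serviceAccountName set.
DEPLOYMENT = json.loads("""
{"kind": "Deployment",
 "metadata": {"name": "flink-jobmanager"},
 "spec": {"template": {"spec": {
   "containers": [{"name": "jobmanager", "image": "flink:1.12.0"}]}}}}
""")

def flink_conf_value(conf_text, key):
    """Return the value of a flat 'key: value' entry, or None if absent."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        name, sep, value = line.partition(":")
        if sep and name.strip() == key:
            return value.strip()
    return None

def effective_service_account(workload):
    """Service account Kubernetes assigns to pods created from this workload."""
    pod_spec = workload["spec"]["template"]["spec"]
    # serviceAccount is the deprecated alias; nothing set means 'default'.
    return pod_spec.get("serviceAccountName") or pod_spec.get("serviceAccount") or "default"

def audit(workload, conf_text):
    """Report the configured account, the effective one, and whether they differ."""
    wanted = flink_conf_value(conf_text, KEY)
    actual = effective_service_account(workload)
    return {"flink_conf": wanted, "pod_runs_as": actual,
            "mismatch": wanted is not None and wanted != actual}

def with_service_account(workload, name):
    """Copy of the workload with serviceAccountName set in the pod template."""
    fixed = json.loads(json.dumps(workload))
    fixed["spec"]["template"]["spec"]["serviceAccountName"] = name
    return fixed

if __name__ == "__main__":
    print(audit(DEPLOYMENT, FLINK_CONF))
    print(audit(with_service_account(DEPLOYMENT, "flink-sa"), FLINK_CONF))
```

On a live cluster the same comparison can be made against the output of `kubectl get deployment <name> -o json`.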