[
https://issues.apache.org/jira/browse/FLINK-20990?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17265971#comment-17265971
]
Damian G edited comment on FLINK-20990 at 1/15/21, 3:18 PM:
------------------------------------------------------------
Thank you very much for quick answers - I really appreciate them!
I tried with both deprecated serviceAccount and with newer serviceAccountName
and it still doesn't seem to work
@Edit: Actually wait, maybe it does
@Edit2: It does, thank you very much!
was (Author: giero):
Thank you very much for quick answers - I really appreciate them!
I tried with both deprecated serviceAccount and with newer serviceAccountName
and it still doesn't seem to work
@Edit: Actually wait, maybe it does
> Service account property ignored for Kubernetes Standalone deployment
> ---------------------------------------------------------------------
>
> Key: FLINK-20990
> URL: https://issues.apache.org/jira/browse/FLINK-20990
> Project: Flink
> Issue Type: Bug
> Components: Deployment / Kubernetes
> Affects Versions: 1.12.0
> Reporter: Damian G
> Priority: Major
>
> We're using Kubernetes Standalone solution to deploy Flink on Kubernetes
> cluster. We created helm chart resources with following documentation:
> [https://ci.apache.org/projects/flink/flink-docs-release-1.12/deployment/resource-providers/standalone/kubernetes.html]
> The problem is that on 'production' environment the default service account
> is restricted from creating configmaps. I added
> _kubernetes.jobmanager.service-account_ property to flink-conf.yml to use
> different service account, but the error still says that the 'default'
> service account has no permission to create config maps. I'm trying to
> reproduce this on my local Kubernetes cluster, so:
> I'm creating ClusterRoleBinding for ClusterRole 'view' and assign it to
> 'flink-sa' service account in order to check if the creation of configmaps is
> now impossible
> In flink-conf.yaml I'm adding property
> _kubernetes.jobmanager.service-account: flink-sa_
> The cluster still creates configmaps and works correctly - meaning it doesn't
> use read-only service account I provided for it.
> Therefore I cannot change service account that Flink is using on 'production'
> environment - it will always use the default one.
> Shouldn't the option to configure which service account Flink deployment is
> using work for both Native Kubernetes deployment and Standalone Kubernetes
> deployment?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
