[
https://issues.apache.org/jira/browse/FLINK-27425?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17530079#comment-17530079
]
Mark Nuttall commented on FLINK-27425:
--------------------------------------
After further investigation, I realised that what doesn't work, is the
sql-client when used by exec'ing into a session cluster. Application clusters
work just fine by submitting the same SQL using Table API. A remote sql-client
can correctly connect to the session cluster as-is, and submit work to it that
reads from Kafka. So I'm closing the issue.
> Default job service account needs access to services to work with Kafka
> -----------------------------------------------------------------------
>
> Key: FLINK-27425
> URL: https://issues.apache.org/jira/browse/FLINK-27425
> Project: Flink
> Issue Type: Bug
> Components: Kubernetes Operator
> Affects Versions: kubernetes-operator-0.1.0
> Reporter: Mark Nuttall
> Priority: Major
> Labels: pull-request-available
>
> FlinkDeployments using the `kafka` connector and default `flink` role fail
> with errors of the form,
>
> [ERROR] Could not execute SQL statement. Reason:
> io.fabric8.kubernetes.client.KubernetesClientException: Failure executing:
> GET at:
> https://10.96.0.1/api/v1/namespaces/default/services/basic-example-rest.
> Message: Forbidden!Configured service account doesn't have access. Service
> account may have been revoked. services "basic-example-rest" is forbidden:
> User "system:serviceaccount:default:flink" cannot get resource "services" in
> API group "" in the namespace "default".
>
> I have a simple fix and will submit a PR shortly.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
