[
https://issues.apache.org/jira/browse/SPARK-27872?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16850804#comment-16850804
]
Stavros Kontopoulos commented on SPARK-27872:
---------------------------------------------
[~eje] [~liyinan926] I can proceed with a PR to fix it if we agree, thoughts?
> Driver and executors use a different service acount
> ---------------------------------------------------
>
> Key: SPARK-27872
> URL: https://issues.apache.org/jira/browse/SPARK-27872
> Project: Spark
> Issue Type: Bug
> Components: Kubernetes
> Affects Versions: 3.0.0, 2.4.3
> Reporter: Stavros Kontopoulos
> Priority: Major
>
> Driver and executors use different service accounts in case the driver has
> one other than the default:
> [https://gist.github.com/skonto/9beb5afa2ec4659ba563cbb0a8b9c4dd]
> This makes the pod fail when the user links a service account with a secret:
> [https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account]
>
> as executors will not use the driver's service account and will not be able
> to get the secret in order to pull the related image.
> I am not sure what is the assumption here for using the default account for
> executors, probably that this account is limited (executors dont create
> resources)? This is an inconsistency that could be worked around with the pod
> template feature in Spark 3.0.0 but it breaks pull secrets.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
