Udbhav30 commented on a change in pull request #24601: [SPARK-27702][K8S] Allow
using some alternatives for service accounts
URL: https://github.com/apache/spark/pull/24601#discussion_r370575459
##########
File path:
resource-managers/kubernetes/core/src/main/scala/org/apache/spark/scheduler/cluster/k8s/KubernetesClusterManager.scala
##########
@@ -50,10 +50,14 @@ private[spark] class KubernetesClusterManager extends
ExternalClusterManager wit
require(sc.conf.get(KUBERNETES_DRIVER_POD_NAME).isDefined,
"If the application is deployed using spark-submit in cluster mode,
the driver pod name " +
"must be provided.")
+ val serviceAccountToken =
+ Some(new
File(Config.KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH)).filter(_.exists)
+ val serviceAccountCaCrt =
+ Some(new
File(Config.KUBERNETES_SERVICE_ACCOUNT_CA_CRT_PATH)).filter(_.exists)
Review comment:
> The existing code already tries to use the given file first. Where did you
check the following?
>
> > If it does not exist, other configurations are allowed to use, such as
spark.kubernetes.authenticate.driver.mounted.oauthTokenFile.
Yes but still as we are passing 'KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH' to
create the kubernetesClient , the kubernetes fabric client will use that
service account path and will throw error as @wackxu mentioned.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
