liyinan926 commented on issue #27034: [SPARK-30122][K8S] Support spark.kubernetes.authenticate.executor.serviceAccountName URL: https://github.com/apache/spark/pull/27034#issuecomment-582630983 > @liyinan926 let me try to explain the use case. Assume you have to process a bunch of files stored in S3; the executor pods are the ones reading them, so they need to have the AWS credentials to access S3. In order to use pod identity (https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts) you need to provide the executors with their own service account --> associated with a certain role. Got it. It's similar to the way GCP's [workload identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) works, and this will be useful for users using GCS/BigQuery through the workload identity also. @ayudovin if you could make the change to make the fallback service account the `default` one, this PR looks good to me.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
