You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Neelesh Srinivas Salian (Jira)" <ji...@apache.org> on 2020/09/23 00:38:00 UTC

[jira] [Issue Comment Deleted] (SPARK-27872) Driver and executors use a different service account breaking pull secrets

     [ https://issues.apache.org/jira/browse/SPARK-27872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Neelesh Srinivas Salian updated SPARK-27872:
--------------------------------------------
    Comment: was deleted

(was: I have a patch to add this fix to the 2.4.x (currently 2.4.6) release. 
 Should I add it here or a new cloned issue? [~eje]

[|https://github.com/apache/spark/pull/29844])

> Driver and executors use a different service account breaking pull secrets
> --------------------------------------------------------------------------
>
>                 Key: SPARK-27872
>                 URL: https://issues.apache.org/jira/browse/SPARK-27872
>             Project: Spark
>          Issue Type: Bug
>          Components: Kubernetes, Spark Core
>    Affects Versions: 2.4.3, 3.0.0
>            Reporter: Stavros Kontopoulos
>            Assignee: Stavros Kontopoulos
>            Priority: Major
>             Fix For: 3.0.0
>
>
> Driver and executors use different service accounts in case the driver has one set up which is different than default: [https://gist.github.com/skonto/9beb5afa2ec4659ba563cbb0a8b9c4dd]
> This makes the executor pods fail when the user links the driver service account with a pull secret: [https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account]. Executors will not use the driver's service account and will not be able to get the secret in order to pull the related image. 
> I am not sure what is the assumption here for using the default account for executors, probably because of the fact that this account is limited (btw executors dont create resources)? This is an inconsistency that could be worked around with the pod template feature in Spark 3.0.0 but it breaks pull secrets and in general I think its a bug to have it. 
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org