You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@kyuubi.apache.org by GitBox <gi...@apache.org> on 2022/12/12 08:57:13 UTC

[GitHub] [incubator-kyuubi] pan3793 commented on a diff in pull request #3906: [KYUUBI #3902][DOC] Add ServiceAccount related content in kyuubi deploy on kubernetes

pan3793 commented on code in PR #3906:
URL: https://github.com/apache/incubator-kyuubi/pull/3906#discussion_r1045550569


##########
docs/deployment/kyuubi_on_kubernetes.md:
##########
@@ -72,6 +72,21 @@ You can deploy single-node Kyuubi through `${KYUUBI_HOME}/docker/kyuubi-pod.yaml
 
 Also, you can use `${KYUUBI_HOME}/docker/kyuubi-service.yaml` to deploy Kyuubi Service.
 
+### [Optional] ServiceAccount
+
+According to [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/), we need to give kyuubi server the corresponding kubernetes privileges for `created/list/delete` engine pods in kubernetes.
+
+You should create your serviceAccount ( or reuse account with the appropriate privileges ) and set your serviceAccountName for kyuubi pod, which you can find template in `${KYUUBI_HOME}/docker/kyuubi-deployment.yaml` or `${KYUUBI_HOME}/docker/kyuubi-pod.yaml`.
+
+For example, you can create serviceAccount by following command:
+
+```shell
+kubectl create serviceAccount kyuubi -n <your namespace>
+
+kubectl create rolebinding kyuubi-role --role=edit --serviceAccount=<your namespace>:kyuubi --namespace=<your namespace>
+```
+
+See more related details in [Using RBAC Authorization](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) and [Configure Service Accounts for Pods](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/).

Review Comment:
   ```suggestion
   See more related details in [Using RBAC Authorization](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) and [Configure Service Accounts for Pods](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/).
   
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@kyuubi.apache.org
For additional commands, e-mail: notifications-help@kyuubi.apache.org