You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "Stavros Kontopoulos (JIRA)" <ji...@apache.org> on 2019/05/29 12:20:00 UTC
[jira] [Created] (SPARK-27872) Driver and executors use a different
service acount
Stavros Kontopoulos created SPARK-27872:
-------------------------------------------
Summary: Driver and executors use a different service acount
Key: SPARK-27872
URL: https://issues.apache.org/jira/browse/SPARK-27872
Project: Spark
Issue Type: Bug
Components: Kubernetes
Affects Versions: 2.4.3, 3.0.0
Reporter: Stavros Kontopoulos
Driver and executors use different service accounts in case the driver has one other than the default: [https://gist.github.com/skonto/9beb5afa2ec4659ba563cbb0a8b9c4dd]
This makes the pod fail when the user links a service account with a secret: [https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account]
as executors will not use the driver's service account and will not be able to get the secret in order to pull the related image.
I am not sure what is the assumption here for using the default account for executors, probably that this account is limited (executors dont create resources)? This is an inconsistency that could be fixed with the pod template feature in Spark 3.0.0 but it breaks pull secrets.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org