You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Stavros Kontopoulos (JIRA)" <ji...@apache.org> on 2019/05/29 12:20:00 UTC

[jira] [Created] (SPARK-27872) Driver and executors use a different service acount

Stavros Kontopoulos created SPARK-27872:
-------------------------------------------

             Summary: Driver and executors use a different service acount
                 Key: SPARK-27872
                 URL: https://issues.apache.org/jira/browse/SPARK-27872
             Project: Spark
          Issue Type: Bug
          Components: Kubernetes
    Affects Versions: 2.4.3, 3.0.0
            Reporter: Stavros Kontopoulos


Driver and executors use different service accounts in case the driver has one other than the default: [https://gist.github.com/skonto/9beb5afa2ec4659ba563cbb0a8b9c4dd]

This makes the pod fail when the user links a service account with a secret: [https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account] 

as executors will not use the driver's service account and will not be able to get the secret in order to pull the related image.

I am not sure what is the assumption here for using the default account for executors, probably that this account is limited (executors dont create resources)? This is an inconsistency that could be fixed with the pod template feature in Spark 3.0.0 but it breaks pull secrets.

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org