You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@flink.apache.org by tr...@apache.org on 2021/02/18 18:27:21 UTC
[flink] branch release-1.12 updated: [FLINK-21381][docs] Add
information about service account permissions to K8s HA service
documentation
This is an automated email from the ASF dual-hosted git repository.
trohrmann pushed a commit to branch release-1.12
in repository https://gitbox.apache.org/repos/asf/flink.git
The following commit(s) were added to refs/heads/release-1.12 by this push:
new 3bbfb73 [FLINK-21381][docs] Add information about service account permissions to K8s HA service documentation
3bbfb73 is described below
commit 3bbfb73908b239f957169805bf591c69ce949ccb
Author: Till Rohrmann <tr...@apache.org>
AuthorDate: Tue Feb 16 15:04:14 2021 +0100
[FLINK-21381][docs] Add information about service account permissions to K8s HA service documentation
This closes #14947.
---
docs/deployment/ha/kubernetes_ha.md | 15 +++++++++++++++
docs/deployment/ha/kubernetes_ha.zh.md | 8 ++++++++
.../resource-providers/standalone/kubernetes.md | 8 +++++++-
.../resource-providers/standalone/kubernetes.zh.md | 8 +++++++-
4 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/docs/deployment/ha/kubernetes_ha.md b/docs/deployment/ha/kubernetes_ha.md
index c5c871e..3b2dade 100644
--- a/docs/deployment/ha/kubernetes_ha.md
+++ b/docs/deployment/ha/kubernetes_ha.md
@@ -31,6 +31,21 @@ Flink's Kubernetes HA services use [Kubernetes](https://kubernetes.io/) for high
Kubernetes high availability services can only be used when deploying to Kubernetes.
Consequently, they can be configured when using [standalone Flink on Kubernetes]({% link deployment/resource-providers/standalone/kubernetes.md %}) or the [native Kubernetes integration]({% link deployment/resource-providers/native_kubernetes.md %})
+## Prerequisites
+
+In order to use Flink's Kubernetes HA services you must fulfill the following prerequisites:
+
+- Kubernetes >= 1.9.
+- Service account with permissions to create, edit, delete ConfigMaps.
+ Take a look at how to configure a service account for [Flink's native Kubernetes integration]({% link deployment/resource-providers/native_kubernetes.md %}#rbac) and [standalone Flink on Kubernetes]({% link deployment/resource-providers/standalone/kubernetes.md %}#kubernetes-high-availability-services) for more information.
+
+## Prerequisites
+
+In order to use Flink's Kubernetes HA services you must fulfill the following prerequisites:
+
+- Kubernetes >= 1.9.
+- `default` service account with [RBAC]({% link deployment/resource-providers/native_kubernetes.md %}#rbac) permissions to create, edit, delete ConfigMaps.
+
## Configuration
In order to start an HA-cluster you have to configure the following configuration keys:
diff --git a/docs/deployment/ha/kubernetes_ha.zh.md b/docs/deployment/ha/kubernetes_ha.zh.md
index c1750a2..21ff6bc 100644
--- a/docs/deployment/ha/kubernetes_ha.zh.md
+++ b/docs/deployment/ha/kubernetes_ha.zh.md
@@ -31,6 +31,14 @@ Flink's Kubernetes HA services use [Kubernetes](https://kubernetes.io/) for high
Kubernetes high availability services can only be used when deploying to Kubernetes.
Consequently, they can be configured when using [standalone Flink on Kubernetes]({% link deployment/resource-providers/standalone/kubernetes.zh.md %}) or the [native Kubernetes integration]({% link deployment/resource-providers/native_kubernetes.zh.md %})
+## Prerequisites
+
+In order to use Flink's Kubernetes HA services you must fulfill the following prerequisites:
+
+- Kubernetes >= 1.9.
+- Service account with permissions to create, edit, delete ConfigMaps.
+ Take a look at how to configure a service account for [Flink's native Kubernetes integration]({% link deployment/resource-providers/native_kubernetes.zh.md %}#rbac) and [standalone Flink on Kubernetes]({% link deployment/resource-providers/standalone/kubernetes.zh.md %}#kubernetes-high-availability-services) for more information.
+
## Configuration
In order to start an HA-cluster you have to configure the following configuration keys:
diff --git a/docs/deployment/resource-providers/standalone/kubernetes.md b/docs/deployment/resource-providers/standalone/kubernetes.md
index 6775580..fb503ef 100644
--- a/docs/deployment/resource-providers/standalone/kubernetes.md
+++ b/docs/deployment/resource-providers/standalone/kubernetes.md
@@ -194,7 +194,10 @@ You can now access the logs by running `kubectl logs flink-jobmanager-589967dcfc
For high availability on Kubernetes, you can use the [existing high availability services]({% link deployment/ha/index.md %}).
-Session Mode and Application Mode clusters support using the Kubernetes high availability service. Users just need to add the following Flink config options to [flink-configuration-configmap.yaml](#common-cluster-resource-definitions). All other yamls do not need to be updated.
+#### Kubernetes High-Availability Services
+
+Session Mode and Application Mode clusters support using the [Kubernetes high availability service]({% link deployment/ha/kubernetes_ha.md %}).
+You need to add the following Flink config options to [flink-configuration-configmap.yaml](#common-cluster-resource-definitions).
<span class="label label-info">Note</span> The filesystem which corresponds to the scheme of your configured HA storage directory must be available to the runtime. Refer to [custom Flink image]({% link deployment/resource-providers/standalone/docker.md %}#advanced-customization) and [enable plugins]({% link deployment/resource-providers/standalone/docker.md %}#using-filesystem-plugins) for more information.
@@ -216,6 +219,9 @@ data:
...
{% endhighlight %}
+Moreover, you have to start the JobManager and TaskManager pods with a service account which has the permissions to create, edit, delete ConfigMaps.
+See [how to configure service accounts for pods](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) for more information.
+
### Enabling Queryable State
You can access the queryable state of TaskManager if you create a `NodePort` service for it:
diff --git a/docs/deployment/resource-providers/standalone/kubernetes.zh.md b/docs/deployment/resource-providers/standalone/kubernetes.zh.md
index cb08b1e..b57ed5a 100644
--- a/docs/deployment/resource-providers/standalone/kubernetes.zh.md
+++ b/docs/deployment/resource-providers/standalone/kubernetes.zh.md
@@ -194,7 +194,10 @@ You can now access the logs by running `kubectl logs flink-jobmanager-589967dcfc
For high availability on Kubernetes, you can use the [existing high availability services]({% link deployment/ha/index.zh.md %}).
-Session Mode and Application Mode clusters support using the Kubernetes high availability service. Users just need to add the following Flink config options to [flink-configuration-configmap.yaml](#common-cluster-resource-definitions). All other yamls do not need to be updated.
+#### Kubernetes High-Availability Services
+
+Session Mode and Application Mode clusters support using the [Kubernetes high availability service]({% link deployment/ha/kubernetes_ha.zh.md %}).
+You need to add the following Flink config options to [flink-configuration-configmap.yaml](#common-cluster-resource-definitions).
<span class="label label-info">Note</span> The filesystem which corresponds to the scheme of your configured HA storage directory must be available to the runtime. Refer to [custom Flink image]({% link deployment/resource-providers/standalone/docker.zh.md %}#advanced-customization) and [enable plugins]({% link deployment/resource-providers/standalone/docker.zh.md %}#using-filesystem-plugins) for more information.
@@ -216,6 +219,9 @@ data:
...
{% endhighlight %}
+Moreover, you have to start the JobManager and TaskManager pods with a service account which has the permissions to create, edit, delete ConfigMaps.
+See [how to configure service accounts for pods](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) for more information.
+
### Enabling Queryable State
You can access the queryable state of TaskManager if you create a `NodePort` service for it: