Adrian Tanase created SPARK-26295: ------------------------------------- Summary: [K8S] serviceAccountName is not set in client mode Key: SPARK-26295 URL: https://issues.apache.org/jira/browse/SPARK-26295 Project: Spark Issue Type: Bug Components: Kubernetes Affects Versions: 2.4.0 Reporter: Adrian Tanase
When deploying spark apps in client mode (in my case from inside the driver pod), one can't specify the service account in accordance to the docs ([https://spark.apache.org/docs/latest/running-on-kubernetes.html#rbac).] The property {{spark.kubernetes.authenticate.driver.serviceAccountName}} is most likely added in cluster mode only, which would be consistent with spark.kubernetes.authenticate.driver being the cluster mode prefix. We should either inject the service account specified by this property in the client mode pods, or specify an equivalent config: spark.kubernetes.authenticate.serviceAccountName This is the exception: {{Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. pods "..." is forbidden: User "system:serviceaccount:mynamespace:default" cannot get pods in the namespace "mynamespace"}} My current workaround is to create a clusterrolebinding with edit rights for the mynamespace:default account. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org