KulykDmytro edited a comment on issue #11696:
URL: https://github.com/apache/airflow/issues/11696#issuecomment-715886117
WebUI/Scheduler pods should run with serviceAccount which have RBAC
permissions on k8s cluster to get logs
```yaml
spec.template.spec.serviceAccount: airflow
```
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: airflow
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: airflow
rules:
- apiGroups: [""]
resources: [pods]
verbs: [create, get, delete, list, watch]
- apiGroups: [""]
resources: [pods/log]
verbs: [get, list]
- apiGroups: [""]
resources: [pods/exec]
verbs: [create, get]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: airflow
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: airflow
subjects:
- kind: ServiceAccount
name: airflow
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
