surahman edited a comment on pull request #3710: URL: https://github.com/apache/incubator-heron/pull/3710#issuecomment-932636387
I am not sure if you tried this but think we need to set up a [`Service Account`](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) and assign it to the Heron API Server Pod. We then bind the Role to the `Service Account` [like so](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-subjects). From [Stack Overflow](https://stackoverflow.com/questions/52995962/kubernetes-namespace-default-service-account): > 5. The default permissions for a service account don't allow it to list or modify any resources. The default service account isn't allowed to view cluster state let alone modify it in any way. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
