rickchengx commented on pull request #4174: URL: https://github.com/apache/zeppelin/pull/4174#issuecomment-901967144
> To avoid creating the same `Role` in every namespace, a `ClusterRole` would be good. > You can then create a `RoleBinding` in each namespace, which has the Zeppelin server `ServiceAccount` as subject. > Example `RoleBinding` in `spark` namespace. > > ``` > kind: RoleBinding > apiVersion: rbac.authorization.k8s.io/v1 > metadata: > name: zeppelin-server-role-binding > namespace: spark > subjects: > - kind: ServiceAccount > name: zeppelin-server > namespace: default > roleRef: > apiGroup: rbac.authorization.k8s.io > kind: ClusterRole > name: zeppelin-server-role > ``` > > I think that should be sufficient. This `RoleBinding` should be created manuell by the user for each namespace, which should be used be zepperlin. Thanks for the comments. I have changed the `clusterrolebinding` to `rolebinding` and updated the docs. Now by default, user can create the interpreter pod in the `default` namespace. If the user wants to create and run the interpreter in another namespace, he also needs to add a `rolebinding` in the `zeppelin-server.yaml` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@zeppelin.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
