[jira] [Commented] (SPARK-28360) The serviceAccountName configuration item does not take effect in client mode.

Mon, 23 Sep 2019 14:38:08 -0700 


    [ 
https://issues.apache.org/jira/browse/SPARK-28360?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16936207#comment-16936207
 ] 

holdenk commented on SPARK-28360:
---------------------------------

Don't we need a service account name to create the executor pods?

> The serviceAccountName configuration item does not take effect in client mode.
> ------------------------------------------------------------------------------
>
>                 Key: SPARK-28360
>                 URL: https://issues.apache.org/jira/browse/SPARK-28360
>             Project: Spark
>          Issue Type: Improvement
>          Components: Kubernetes
>    Affects Versions: 3.0.0
>            Reporter: zhixingheyi_tian
>            Priority: Major
>
> From the configuration item description from the spark document: 
> https://spark.apache.org/docs/latest/running-on-kubernetes.html
>  
> “spark.kubernetes.authenticate.driver.serviceAccountName default Service 
> account that is used when running the driver pod. The driver pod uses this 
> service account when requesting executor pods from the API server. Note that 
> this cannot be specified alongside a CA cert file, client key file, client 
> cert file, and/or OAuth token. In client mode, use 
> spark.kubernetes.authenticate.serviceAccountName instead.”
> But in client mode. “spark.kubernetes.authenticate.serviceAccountName” does 
> not take effect in fact.
> From the analysis of source codes, spark does not get this configuration item 
> "spark.kubernetes.authenticate.serviceAccountName".
>  In Unit Tests, only cases for 
> "spark.kubernetes.authenticate.driver.serviceAccountName".
> In kubernetes, a service account provides an identity for processes that run 
> in a Pod. When you create a pod, if you do not specify a service account, it 
> is automatically assigned the default service account in the same namespace. 
>  Add a “spec.serviceAccountName” when creating a pod , can specify a custom 
> service account.
>  So in client mode, If you run your driver inside a Kubernetes pod, the 
> serviceaccount has already existed. If your application is not running inside 
> a pod, no serviceaccount is needed at all.
> From my point of view, just modify the document and delete the 
> "spark.kubernetes.authenticate.serviceAccountName" configuration item 
> description. Because it doesn't work at the moment, it also doesn't need to 
> work.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org

Reply via email to