[ https://issues.apache.org/jira/browse/SPARK-27872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Neelesh Srinivas Salian updated SPARK-27872: -------------------------------------------- Comment: was deleted (was: I have a patch to add this fix to the 2.4.x (currently 2.4.6) release. Should I add it here or a new cloned issue? [~eje] [|https://github.com/apache/spark/pull/29844]) > Driver and executors use a different service account breaking pull secrets > -------------------------------------------------------------------------- > > Key: SPARK-27872 > URL: https://issues.apache.org/jira/browse/SPARK-27872 > Project: Spark > Issue Type: Bug > Components: Kubernetes, Spark Core > Affects Versions: 2.4.3, 3.0.0 > Reporter: Stavros Kontopoulos > Assignee: Stavros Kontopoulos > Priority: Major > Fix For: 3.0.0 > > > Driver and executors use different service accounts in case the driver has > one set up which is different than default: > [https://gist.github.com/skonto/9beb5afa2ec4659ba563cbb0a8b9c4dd] > This makes the executor pods fail when the user links the driver service > account with a pull secret: > [https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account]. > Executors will not use the driver's service account and will not be able to > get the secret in order to pull the related image. > I am not sure what is the assumption here for using the default account for > executors, probably because of the fact that this account is limited (btw > executors dont create resources)? This is an inconsistency that could be > worked around with the pod template feature in Spark 3.0.0 but it breaks pull > secrets and in general I think its a bug to have it. > -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org