[jira] [Commented] (FLINK-20664) Support setting service account for TaskManager pod

[Yang Wang (Jira)]

    [ 
https://issues.apache.org/jira/browse/FLINK-20664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17251848#comment-17251848
 ] 

Yang Wang commented on FLINK-20664:
-----------------------------------

[~lublinsky] Do you think adding a new config option 
{{kubernetes.taskmanager.service-account}} makes sense to you?

> Support setting service account for TaskManager pod
> ---------------------------------------------------
>
>                 Key: FLINK-20664
>                 URL: https://issues.apache.org/jira/browse/FLINK-20664
>             Project: Flink
>          Issue Type: Bug
>          Components: Deployment / Kubernetes
>    Affects Versions: 1.12.0
>            Reporter: Yang Wang
>            Assignee: Yang Wang
>            Priority: Critical
>             Fix For: 1.13.0, 1.12.1
>
>
> Currently, we only set the service account for JobManager. The TaskManager is 
> using the default service account. Before the KubernetesHAService is 
> introduced, it works because the TaskManager does not need to access the K8s 
> resource(e.g. ConfigMap) directly. But now the TaskManager needs to watch 
> ConfigMap and retrieve leader address. So if the default service account does 
> not have enough permission, users could not specify a valid service account 
> for TaskManager.
>  
> We should introduce a new config option for TaskManager service account. 
> {{kubernetes.taskmanager.service-account}}
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)