[
https://issues.apache.org/jira/browse/FLINK-20664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17253362#comment-17253362
]
Till Rohrmann commented on FLINK-20664:
---------------------------------------
Thanks for driving this effort. What in a situation like this always worked
best is to introduce a common configuration option like
{{kubernetes.service-account}} which is used for both JM and TM unless a more
specific configuration option {{kubernetes.service-account.jobmanager}} or
{{kubernetes.service-account.taskmanager}} has been configured. That way you
don't force people to configure two options if they are ok with using a single
service account for both processes.
> Support setting service account for TaskManager pod
> ---------------------------------------------------
>
> Key: FLINK-20664
> URL: https://issues.apache.org/jira/browse/FLINK-20664
> Project: Flink
> Issue Type: Bug
> Components: Deployment / Kubernetes
> Affects Versions: 1.12.0
> Reporter: Yang Wang
> Assignee: Boris Lublinsky
> Priority: Blocker
> Labels: pull-request-available
> Fix For: 1.13.0, 1.12.1
>
>
> Currently, we only set the service account for JobManager. The TaskManager is
> using the default service account. Before the KubernetesHAService is
> introduced, it works because the TaskManager does not need to access the K8s
> resource(e.g. ConfigMap) directly. But now the TaskManager needs to watch
> ConfigMap and retrieve leader address. So if the default service account does
> not have enough permission, users could not specify a valid service account
> for TaskManager.
>
> We should introduce a new config option for TaskManager service account.
> {{kubernetes.taskmanager.service-account}}
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
