Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Invalid
-
1.12.0
-
None
-
None
Description
We're using Kubernetes Standalone solution to deploy Flink on Kubernetes cluster. We created helm chart resources with following documentation: https://ci.apache.org/projects/flink/flink-docs-release-1.12/deployment/resource-providers/standalone/kubernetes.html
The problem is that on 'production' environment the default service account is restricted from creating configmaps. I added kubernetes.jobmanager.service-account property to flink-conf.yml to use different service account, but the error still says that the 'default' service account has no permission to create config maps. I'm trying to reproduce this on my local Kubernetes cluster, so:
I'm creating ClusterRoleBinding for ClusterRole 'view' and assign it to 'flink-sa' service account in order to check if the creation of configmaps is now impossible
In flink-conf.yaml I'm adding property kubernetes.jobmanager.service-account: flink-sa
The cluster still creates configmaps and works correctly - meaning it doesn't use read-only service account I provided for it.
Therefore I cannot change service account that Flink is using on 'production' environment - it will always use the default one.
Shouldn't the option to configure which service account Flink deployment is using work for both Native Kubernetes deployment and Standalone Kubernetes deployment?