[ZEPPELIN-5464] Zeppelin server needs to obtain the permission to create "configmaps" under k8s mode - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 0.9.0
Fix Version/s: 0.9.1, 0.10.0
Component/s: Kubernetes
Labels:
None

Description

Since the spark interpreter pod need to create the resource "configmaps" (please refer to https://github.com/apache/zeppelin/pull/4165 for more information), Zeppelin Server also needs to obtain relative permissions when it is running inside k8s cluster.

Otherwise, it will generate such error:

io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: POST at: https://172.16.0.1/apis/rbac.authorization.k8s.io/v1/namespaces/default/roles. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. roles.rbac.authorization.k8s.io "spark-filwnx" is forbidden: user "system:serviceaccount:default:zeppelin-server" (groups=["system:serviceaccounts" "system:serviceaccounts:default" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
{APIGroups:[""], Resources:["configmaps"], Verbs:["create" "get" "update" "list" "delete" "watch"]}.

Attachments

Activity

People

Assignee:: rickcheng

Reporter:: rickcheng

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 21/Jul/21 08:30

Updated:: 09/Aug/21 11:43

Resolved:: 09/Aug/21 11:43

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

20m