1

I am trying to run a spring batch with remote partitioning on K8s cluster using spring-cloud-deployer-kubernetes. Eventhough I have configured a service account and mentioned in my application properties the below way

spring.cloud.deployer.kubernetes.deployment-service-account-name=scdf-sa

Still the master task is unable to spawn worker pods and it seems it does not pick the property while launching task from spring cloud dataflow UI and throws this error in master pod:

io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://<IP>/api/v1/namespaces/test/pods/batchsampleappworker-aeghj644g. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. pods "batchsampleappworker-j3ljqq3de9" is forbidden: User "system:serviceaccount:test:default" cannot get resource "pods" in API group "" in the namespace "test".

PS: I am using spring-cloud-deployer-kubernetes version of 2.5.0

Please some hints on how to correctly configure service account? Thanks in advance!

Kranthi
  • 37
  • 6
  • https://stackoverflow.com/questions/55498702/how-to-fix-forbiddenconfigured-service-account-doesnt-have-access-with-spark – Harsh Manvar Aug 25 '21 at 05:39
  • Hello @HarshManvar, thanks for the reference. But as I asked, I am able to create the service account. But I would like to know how to use it for spring-cloud-deployer-kubernetes, where the reference talks about using it in spark. Please let me know if we have some reference for spring cloud task and spring-cloud-deployer – Kranthi Aug 25 '21 at 06:05
  • https://tanzu.vmware.com/developer/guides/kubernetes/app-enhancements-spring-k8s/ hope you have created the cluster role or role and attach it to service account. – Harsh Manvar Aug 25 '21 at 06:43

1 Answers1

0

As per the official documentation of spring cloud dataflow here, adding the below to SCDF server config map solved the issue for me.

data:
  application.yaml: |-
    spring:
      cloud:
        dataflow:
          task:
            platform:
              kubernetes:
                accounts:
                  default:
                    deploymentServiceAccountName: myserviceaccountname
Kranthi
  • 37
  • 6