I am using spring cloud dataflow for spring batches(with remote partitioning) wrapped with spring cloud task, deployed in kubernetes. I have also created a service account for the same. The batch runs fine when I use the launch option on tasks tab in SCDF UI. But when I try schedule option in the SCDF UI, it seems to not consider the configured service account name and it gives the below error
io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://<IP>/api/v1/namespaces/test/pods/batchsampleappworker-aeghj644g. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. pods "batchsampleappworker-j3ljqq3de9" is forbidden: User "system:serviceaccount:test:default" cannot get resource "pods" in API group "" in the namespace "test".
Below is a sample config provided in SCDF server configuration
data:
application.yaml: |-
spring:
cloud:
dataflow:
task:
platform:
kubernetes:
accounts:
default:
deploymentServiceAccountName: myserviceaccountname
Please shed some light on this issue and help me getting this resolved
On my way exploring the solution for the problem, I came across this github page where it was suggested to add either
to the deployment of SCDF server or,
to the individual schedule while creating it. Unfortunately, neither of them worked for me but triggered me to try out with the below per schedule created and it worked for me.
It will be great if someone help me in explaining why the first option - updating deployment did not work?