I am trying to run a spring batch with remote partitioning on K8s cluster using spring-cloud-deployer-kubernetes. Eventhough I have configured a service account and mentioned in my application properties the below way
spring.cloud.deployer.kubernetes.deployment-service-account-name=scdf-sa
Still the master task is unable to spawn worker pods and it seems it does not pick the property while launching task from spring cloud dataflow UI and throws this error in master pod:
io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://<IP>/api/v1/namespaces/test/pods/batchsampleappworker-aeghj644g. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. pods "batchsampleappworker-j3ljqq3de9" is forbidden: User "system:serviceaccount:test:default" cannot get resource "pods" in API group "" in the namespace "test".
PS: I am using spring-cloud-deployer-kubernetes version of 2.5.0
Please some hints on how to correctly configure service account? Thanks in advance!
As per the official documentation of spring cloud dataflow here, adding the below to SCDF server config map solved the issue for me.
data:
application.yaml: |-
spring:
cloud:
dataflow:
task:
platform:
kubernetes:
accounts:
default:
deploymentServiceAccountName: myserviceaccountname