[KYUUBI #3902][DOC] Add ServiceAccount related content in kyuubi deploy on kubernetes

### _Why are the changes needed?_

Add `Kyuubi Deploy On Kubernetes ServiceAccount-related` documentation, and explicitly assert `serviceAccountName: default` as the default configuration in the template file `${KYUUBI_HOME}/docker/kyuubi-pod(deployment).yaml` to make it easier for users to set.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before making a pull request

Closes #3906 from zwangsheng/doc/kyuubi_on_k8s_service_account.

Closes #3902

e0ed06d6 [Cheng Pan] Update docs/deployment/kyuubi_on_kubernetes.md
6cd29dd0 [zwangsheng] build doc for serviceAccount

Lead-authored-by: zwangsheng <2213335496@qq.com>
Co-authored-by: Cheng Pan <pan3793@gmail.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
zwangsheng 2022-12-12 16:57:49 +08:00 committed by Cheng Pan
parent 886682f033
commit 3bb594a8fe
No known key found for this signature in database
GPG Key ID: 8001952629BCC75D
3 changed files with 18 additions and 0 deletions

@ -48,6 +48,7 @@ spec:
labels:
app: kyuubi-server
spec:
serviceAccountName: default
containers:
- name: kyuubi-server
# TODO: replace this with the stable tag
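
Review bot: the added `serviceAccountName: default` line carries no comment marking it as a value to change, unlike the `# TODO: replace this with the stable tag` line two lines below it. Since the stated purpose is to make the field easier for users to set, add a short comment on that line pointing to the new ServiceAccount section of the deployment docs and saying the account needs permission to create/list/delete engine pods.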

@ -48,6 +48,7 @@ metadata:
labels:
app: kyuubi-server
spec:
serviceAccountName: default
containers:
- name: kyuubi-server
# TODO: replace this with the stable tag
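
Review bot: `serviceAccountName: default` in this template does not match the account the new documentation creates (`kubectl create serviceAccount kyuubi ...`), so a user who runs the documented commands and applies the template unchanged gets a pod running as `default`, which the documented role binding does not cover. Either use `kyuubi` here or state in the docs that this field must be edited. Steering users to a dedicated account also avoids the other easy fix, binding privileges to `default`, which every pod in the namespace that sets no `serviceAccountName` would share.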

@ -72,6 +72,22 @@ You can deploy single-node Kyuubi through `${KYUUBI_HOME}/docker/kyuubi-pod.yaml
Also, you can use `${KYUUBI_HOME}/docker/kyuubi-service.yaml` to deploy Kyuubi Service.
### [Optional] ServiceAccount
According to [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/), we need to give kyuubi server the corresponding kubernetes privileges for `created/list/delete` engine pods in kubernetes.
You should create your serviceAccount ( or reuse account with the appropriate privileges ) and set your serviceAccountName for kyuubi pod, which you can find template in `${KYUUBI_HOME}/docker/kyuubi-deployment.yaml` or `${KYUUBI_HOME}/docker/kyuubi-pod.yaml`.
For example, you can create serviceAccount by following command:
```shell
kubectl create serviceAccount kyuubi -n <your namespace>
kubectl create rolebinding kyuubi-role --role=edit --serviceAccount=<your namespace>:kyuubi --namespace=<your namespace>
```
See more related details in [Using RBAC Authorization](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) and [Configure Service Accounts for Pods](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/).
## Config
You can configure Kyuubi the old-fashioned way by placing kyuubi-default.conf inside the image. Kyuubi do not recommend using this way on Kubernetes.
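
Review bot: in the `kubectl create rolebinding` line, `--role=edit` refers to a namespaced Role named `edit`, but `edit` is one of the Kubernetes default ClusterRoles, so the flag should be `--clusterrole=edit`; as written the binding points at a Role that does not exist unless the user has created one. kubectl spells the subcommand and flag in lower case (`kubectl create serviceaccount`, `--serviceaccount=<namespace>:<name>`), so the example should match. The paragraph above also says the server needs `created/list/delete` on engine pods (typo for `create`), which is far narrower than `edit`; consider documenting a dedicated Role limited to those pod verbs instead of binding `edit`.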