I am using below manifest to run some k8s Job, However i am not able to submit job successfully due to below error.
apiVersion: batch/v1
kind: Job
metadata:
name: spark-on-eks
spec:
template:
spec:
imagePullSecrets:
- name: mycreds
containers:
- name: spark
image: repo:buildversion
command:
- "/bin/sh"
- "-c"
- '/opt/spark/bin/spark-submit \
--master k8s://EKSEndpoint \
--deploy-mode cluster \
--name spark-luluapp \
--class com.ll.jsonclass \
--conf spark.jars.ivy=/tmp/.ivy \
--conf spark.kubernetes.container.image=repo:buildversion \
--conf spark.kubernetes.namespace=spark-pi \
--conf spark.kubernetes.authenticate.driver.serviceAccountName=spark-sa \
--conf spark.hadoop.fs.s3a.impl=org.apache.hadoop.fs.s3a.S3AFileSystem \
--conf spark.kubernetes.authenticate.executor.serviceAccountName=spark-sa \
--conf spark.kubernetes.driver.pod.name=spark-job-driver \
--conf spark.executor.instances=4 \
local:///opt/spark/examples/App-buildversion-SNAPSHOT.jar \
[mks,env,reg,"dd.mm.yyyy","true","off","db-comp-results","true","XX","XXX","XXXXX","XXX",$$,###] '
serviceAccountName: spark-pi
restartPolicy: Never
backoffLimit: 4
Error: Error: ImagePullBackOff Normal Pulling Pulling image "repo/buildversion" Warning Failed Failed to pull image "repo/buildversion": rpc error: code = Unknown desc = Error response from daemon: unauthorized: The client does not have permission for manifest
i checked the secrets which i have listed, is already created and in use with already deployed applications.
Is this issue is related to init containers which are being used as secret injection for pods/jobs, or something i am missing in my manifest, also, i am running above step as apart of Auotmation on one of the Jenkins Slave, and it works fine for other application-pods ( Not sure of k8s jobs )
