Uploaded image for project: 'Spark'
  1. Spark
  2. SPARK-25825

Kerberos Support for Long Running Jobs in Kubernetes

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Resolved
    • Major
    • Resolution: Won't Do
    • 3.0.0
    • None
    • Kubernetes, Spark Core
    • None

    Description

      When provided with a --keytab and --principal combination, there is an expectation that Kubernetes would leverage the Driver to spin up a renewal thread to handle token renewal. However, in the case that a --keytab and --principal are not provided and instead a secretName and secretItemKey is provided, there should be an option to specify a config that specifies that a external renewal service exists. The driver should, therefore, be responsible for discovering changes to the secret and send the updated token data to the executor with the UpdateDelegationTokens message. Thereby enabling token renewal given just a secret in addition to the traditional use-case via --keytab and --principal

      Attachments

        Issue Links

          is a child of

          Umbrella - An overarching type made of sub-tasks SPARK-25826 Kerberos Support in Kubernetes resource manager

          • Major - Major loss of function.
          • Open
          links to

          Pull request #22915 [Github] Pull Request #22915 (ifilonenko)

          Pull request #22915 [Github] Pull Request #22915 (ifilonenko)

          Web Link GitHub Pull Request #22915

          Activity

            People

              Unassigned Unassigned
              ifilonenko Ilan Filonenko
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: