Uploaded image for project: 'Spark'
  1. Spark
  2. SPARK-26239

Add configurable auth secret source in k8s backend

    XMLWordPrintableJSON

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 3.0.0
    • Component/s: Kubernetes, Spark Core
    • Labels:
      None

      Description

      This is a follow up to SPARK-26194, which aims to add auto-generated secrets similar to the YARN backend.

      There's a desire to support different ways to generate and propagate these auth secrets (e.g. using things like Vault). Need to investigate:

      • exposing configuration to support that
      • changing SecurityManager so that it can delegate some of the secret-handling logic to custom implementations
      • figuring out whether this can also be used in client-mode, where the driver is not created by the k8s backend in Spark.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                mcheah Matt Cheah
                Reporter:
                vanzin Marcelo Masiero Vanzin
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: