[WIP] Secure HDFS Support #391

ifilonenko · 2017-07-26T18:06:01Z

What changes were proposed in this pull request?

This it the on-going work of setting up Secure HDFS interaction with Spark-on-K8S.
The architecture is discussed in this community-wide google doc
This initiative can be broken down into 4 stages.

STAGE 1

Detecting HADOOP_CONF_DIR environmental variable and using Config Maps to store all Hadoop config files locally, while also setting HADOOP_CONF_DIR locally in the driver / executors

STAGE 2

Grabbing TGT from LTC or using keytabs+principle and creating a DT that will be mounted as a secret

STAGE 3

Driver + Executor Logic

STAGE 4

Service Pod that handles renewals

How was this patch tested?

E2E Integration tests
- Stage 1
- Stage 2
- Stage 3
- Stage 4
Unit tests
- Stage 1
- Stage 2
- Stage 3
- Stage 4

Docs and Error Handling?

Docs
Error Handling

…ILE_DIR for Volume mount

…erized cluster in integration tests

ifilonenko · 2017-08-02T22:10:20Z

Moved to #414

…tream

ifilonenko added 11 commits July 26, 2017 10:52

Initial architecture design for HDFS support

0f3501a

Minor styling

b12a439

Added proper logic for mounting ConfigMaps

2d8797f

styling

d0f492f

modified otherKubernetesResource logic

a413662

fixed Integration tests and modified HADOOP_CONF_DIR variable to be F…

72e3f31

…ILE_DIR for Volume mount

setting HADOOP_CONF_DIR env variables

4971219

Included integration tests for Stage 1

4911ea8

Initial Kerberos support

c41c38b

initial Stage 2 architecture using deprecated 2.1 methods

bff5a42

Added current, BROKEN, integration test environment for review

d6d49dc

ifilonenko mentioned this pull request Jul 26, 2017

[WIP] Secure HDFS Support #373

Closed

14 tasks

ifilonenko added 3 commits July 27, 2017 21:34

working hadoop cluster

21e2dd6

Using locks and monitors to ensure proper configs for setting up kerb…

6fbdee2

…erized cluster in integration tests

working Stage 2

1ac9a19

kimoonkim mentioned this pull request Aug 1, 2017

HDFS access umbrella issue #128

Open

This was referenced Aug 1, 2017

end-to-end tests using spark-submit #410

Open

[WIP] Use HDFS Delegation Token in driver/executor pods as part of Secure HDFS Support #379

Merged

documentation

32ff0de

ifilonenko closed this Aug 2, 2017

ifilonenko pushed a commit to ifilonenko/spark that referenced this pull request Feb 26, 2019

Merge pull request apache-spark-on-k8s#391 from palantir/os/merge-ups…

df34e2d

…tream

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[WIP] Secure HDFS Support #391

[WIP] Secure HDFS Support #391

Uh oh!

ifilonenko commented Jul 26, 2017 •

edited

Loading

Uh oh!

ifilonenko commented Aug 2, 2017

Uh oh!

Uh oh!

[WIP] Secure HDFS Support #391

[WIP] Secure HDFS Support #391

Uh oh!

Conversation

ifilonenko commented Jul 26, 2017 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What changes were proposed in this pull request?

How was this patch tested?

Docs and Error Handling?

Uh oh!

ifilonenko commented Aug 2, 2017

Uh oh!

Uh oh!

ifilonenko commented Jul 26, 2017 •

edited

Loading