jahstreet commented on code in PR #451: URL: https://github.com/apache/incubator-livy/pull/451#discussion_r1670095313
########## server/src/main/scala/org/apache/livy/utils/SparkKubernetesApp.scala: ########## @@ -0,0 +1,739 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.livy.utils + +import java.net.URLEncoder +import java.util.Collections +import java.util.concurrent.TimeoutException + +import scala.annotation.tailrec +import scala.collection.mutable.ArrayBuffer +import scala.concurrent._ +import scala.concurrent.duration._ +import scala.language.postfixOps +import scala.util.{Failure, Success, Try} +import scala.util.control.NonFatal + +import io.fabric8.kubernetes.api.model._ +import io.fabric8.kubernetes.api.model.networking.v1.{Ingress, IngressBuilder} +import io.fabric8.kubernetes.client.{Config, ConfigBuilder, _} +import org.apache.commons.lang.StringUtils + +import org.apache.livy.{LivyConf, Logging, Utils} + +object SparkKubernetesApp extends Logging { + + private val leakedAppTags = new java.util.concurrent.ConcurrentHashMap[String, Long]() + + private val leakedAppsGCThread = new Thread() { + override def run(): Unit = { + import KubernetesExtensions._ + while (true) { + if (!leakedAppTags.isEmpty) { + // kill the app if found it and remove it if exceeding a threshold + val iter = leakedAppTags.entrySet().iterator() + var isRemoved = false + val now = System.currentTimeMillis() + val apps = withRetry(kubernetesClient.getApplications()) + while (iter.hasNext) { + val entry = iter.next() + apps.find(_.getApplicationTag.contains(entry.getKey)) + .foreach({ + app => + info(s"Kill leaked app ${app.getApplicationId}") + withRetry(kubernetesClient.killApplication(app)) + iter.remove() + isRemoved = true + }) + if (!isRemoved) { + if ((entry.getValue - now) > sessionLeakageCheckTimeout) { + iter.remove() + info(s"Remove leaked Kubernetes app tag ${entry.getKey}") + } + } + } + } + Thread.sleep(sessionLeakageCheckInterval) + } + } + } + + val RefreshServiceAccountTokenThread = new Thread() { + override def run(): Unit = { + while (true) { + var currentContext = new Context() + var currentContextName = new String + val config = kubernetesClient.getConfiguration + if (config.getCurrentContext != null) { + currentContext = config.getCurrentContext.getContext + currentContextName = config.getCurrentContext.getName + } + + var newAccessToken = new String + val newestConfig = Config.autoConfigure(currentContextName) + newAccessToken = newestConfig.getOauthToken + info(s"Refresh a new token ${newAccessToken}") + + config.setOauthToken(newAccessToken) + kubernetesClient = new DefaultKubernetesClient(config) + + // Token will expire 1 hour default, community recommend to update every 5 minutes + Thread.sleep(300000) + } + } + } + + private var livyConf: LivyConf = _ + + private var cacheLogSize: Int = _ + private var appLookupTimeout: FiniteDuration = _ + private var pollInterval: FiniteDuration = _ + + private var sessionLeakageCheckTimeout: Long = _ + private var sessionLeakageCheckInterval: Long = _ + + var kubernetesClient: DefaultKubernetesClient = _ + + def init(livyConf: LivyConf): Unit = { + this.livyConf = livyConf + + // KubernetesClient is thread safe. Create once, share it across threads. + kubernetesClient = + KubernetesClientFactory.createKubernetesClient(livyConf) + + cacheLogSize = livyConf.getInt(LivyConf.SPARK_LOGS_SIZE) + appLookupTimeout = livyConf.getTimeAsMs(LivyConf.KUBERNETES_APP_LOOKUP_TIMEOUT).milliseconds + pollInterval = livyConf.getTimeAsMs(LivyConf.KUBERNETES_POLL_INTERVAL).milliseconds + + sessionLeakageCheckInterval = + livyConf.getTimeAsMs(LivyConf.KUBERNETES_APP_LEAKAGE_CHECK_INTERVAL) + sessionLeakageCheckTimeout = livyConf.getTimeAsMs(LivyConf.KUBERNETES_APP_LEAKAGE_CHECK_TIMEOUT) + + leakedAppsGCThread.setDaemon(true) + leakedAppsGCThread.setName("LeakedAppsGCThread") + leakedAppsGCThread.start() + + RefreshServiceAccountTokenThread. + setName("RefreshServiceAccountTokenThread") + RefreshServiceAccountTokenThread.setDaemon(true) + RefreshServiceAccountTokenThread.start() + } + + // Returning T, throwing the exception on failure + // When istio-proxy restarts, the access to K8s API from livy could be down + // until envoy comes back, which could take upto 30 seconds Review Comment: Is istio/envoy or any ingress controller a prerequisite to using Livy with K8s? ########## server/src/main/scala/org/apache/livy/LivyConf.scala: ########## @@ -258,6 +258,63 @@ object LivyConf { // value specifies max attempts to retry when safe mode is ON in hdfs filesystem val HDFS_SAFE_MODE_MAX_RETRY_ATTEMPTS = Entry("livy.server.hdfs.safe-mode.max.retry.attempts", 12) + // Kubernetes oauth token file path. + val KUBERNETES_OAUTH_TOKEN_FILE = Entry("livy.server.kubernetes.oauthTokenFile", "") + // Kubernetes oauth token string value. + val KUBERNETES_OAUTH_TOKEN_VALUE = Entry("livy.server.kubernetes.oauthTokenValue", "") + // Kubernetes CA cert file path. + val KUBERNETES_CA_CERT_FILE = Entry("livy.server.kubernetes.caCertFile", "") + // Kubernetes client key file path. + val KUBERNETES_CLIENT_KEY_FILE = Entry("livy.server.kubernetes.clientKeyFile", "") + // Kubernetes client cert file path. + val KUBERNETES_CLIENT_CERT_FILE = Entry("livy.server.kubernetes.clientCertFile", "") + + // If Livy can't find the Kubernetes app within this time, consider it lost. + val KUBERNETES_APP_LOOKUP_TIMEOUT = Entry("livy.server.kubernetes.app-lookup-timeout", "600s") + // How often Livy polls Kubernetes to refresh Kubernetes app state. + val KUBERNETES_POLL_INTERVAL = Entry("livy.server.kubernetes.poll-interval", "15s") + + // How long to check livy session leakage. + val KUBERNETES_APP_LEAKAGE_CHECK_TIMEOUT = + Entry("livy.server.kubernetes.app-leakage.check-timeout", "600s") + // How often to check livy session leakage. + val KUBERNETES_APP_LEAKAGE_CHECK_INTERVAL = + Entry("livy.server.kubernetes.app-leakage.check-interval", "60s") + + // Weather to create Kubernetes Nginx Ingress for Spark UI. + val KUBERNETES_INGRESS_CREATE = Entry("livy.server.kubernetes.ingress.create", false) + // Kubernetes Ingress class name. + val KUBERNETES_INGRESS_CLASS_NAME = Entry("livy.server.kubernetes.ingress.className", "") + // Kubernetes Nginx Ingress protocol. + val KUBERNETES_INGRESS_PROTOCOL = Entry("livy.server.kubernetes.ingress.protocol", "http") + // Kubernetes Nginx Ingress host. + val KUBERNETES_INGRESS_HOST = Entry("livy.server.kubernetes.ingress.host", "localhost") + // Kubernetes Nginx Ingress additional configuration snippet. + val KUBERNETES_INGRESS_ADDITIONAL_CONF_SNIPPET = + Entry("livy.server.kubernetes.ingress.additionalConfSnippet", "") + // Kubernetes Nginx Ingress additional annotations: key1=value1;key2=value2;... . + val KUBERNETES_INGRESS_ADDITIONAL_ANNOTATIONS = + Entry("livy.server.kubernetes.ingress.additionalAnnotations", "") + // Kubernetes secret name for Nginx Ingress TLS. + // Is omitted if 'livy.server.kubernetes.ingress.protocol' value doesn't end with 's' + val KUBERNETES_INGRESS_TLS_SECRET_NAME = + Entry("livy.server.kubernetes.ingress.tls.secretName", "spark-cluster-tls") + + val KUBERNETES_GRAFANA_LOKI_ENABLED = Entry("livy.server.kubernetes.grafana.loki.enabled", false) + val KUBERNETES_GRAFANA_URL = Entry("livy.server.kubernetes.grafana.url", "http://localhost:3000";) + val KUBERNETES_GRAFANA_LOKI_DATASOURCE = + Entry("livy.server.kubernetes.grafana.loki.datasource", "loki") + val KUBERNETES_GRAFANA_TIME_RANGE = Entry("livy.server.kubernetes.grafana.timeRange", "6h") + + // side car container for spark pods enabled? + val KUBERNETES_SPARK_SIDECAR_ENABLED = + Entry("livy.server.kubernetes.spark.sidecar.enabled", true) Review Comment: What is the use case for this flag? ########## server/src/main/scala/org/apache/livy/LivyConf.scala: ########## @@ -258,6 +258,63 @@ object LivyConf { // value specifies max attempts to retry when safe mode is ON in hdfs filesystem val HDFS_SAFE_MODE_MAX_RETRY_ATTEMPTS = Entry("livy.server.hdfs.safe-mode.max.retry.attempts", 12) + // Kubernetes oauth token file path. + val KUBERNETES_OAUTH_TOKEN_FILE = Entry("livy.server.kubernetes.oauthTokenFile", "") + // Kubernetes oauth token string value. + val KUBERNETES_OAUTH_TOKEN_VALUE = Entry("livy.server.kubernetes.oauthTokenValue", "") + // Kubernetes CA cert file path. + val KUBERNETES_CA_CERT_FILE = Entry("livy.server.kubernetes.caCertFile", "") + // Kubernetes client key file path. + val KUBERNETES_CLIENT_KEY_FILE = Entry("livy.server.kubernetes.clientKeyFile", "") + // Kubernetes client cert file path. + val KUBERNETES_CLIENT_CERT_FILE = Entry("livy.server.kubernetes.clientCertFile", "") + + // If Livy can't find the Kubernetes app within this time, consider it lost. + val KUBERNETES_APP_LOOKUP_TIMEOUT = Entry("livy.server.kubernetes.app-lookup-timeout", "600s") + // How often Livy polls Kubernetes to refresh Kubernetes app state. + val KUBERNETES_POLL_INTERVAL = Entry("livy.server.kubernetes.poll-interval", "15s") + + // How long to check livy session leakage. + val KUBERNETES_APP_LEAKAGE_CHECK_TIMEOUT = + Entry("livy.server.kubernetes.app-leakage.check-timeout", "600s") + // How often to check livy session leakage. + val KUBERNETES_APP_LEAKAGE_CHECK_INTERVAL = + Entry("livy.server.kubernetes.app-leakage.check-interval", "60s") + + // Weather to create Kubernetes Nginx Ingress for Spark UI. + val KUBERNETES_INGRESS_CREATE = Entry("livy.server.kubernetes.ingress.create", false) + // Kubernetes Ingress class name. + val KUBERNETES_INGRESS_CLASS_NAME = Entry("livy.server.kubernetes.ingress.className", "") + // Kubernetes Nginx Ingress protocol. + val KUBERNETES_INGRESS_PROTOCOL = Entry("livy.server.kubernetes.ingress.protocol", "http") + // Kubernetes Nginx Ingress host. + val KUBERNETES_INGRESS_HOST = Entry("livy.server.kubernetes.ingress.host", "localhost") + // Kubernetes Nginx Ingress additional configuration snippet. + val KUBERNETES_INGRESS_ADDITIONAL_CONF_SNIPPET = + Entry("livy.server.kubernetes.ingress.additionalConfSnippet", "") + // Kubernetes Nginx Ingress additional annotations: key1=value1;key2=value2;... . + val KUBERNETES_INGRESS_ADDITIONAL_ANNOTATIONS = + Entry("livy.server.kubernetes.ingress.additionalAnnotations", "") + // Kubernetes secret name for Nginx Ingress TLS. + // Is omitted if 'livy.server.kubernetes.ingress.protocol' value doesn't end with 's' + val KUBERNETES_INGRESS_TLS_SECRET_NAME = + Entry("livy.server.kubernetes.ingress.tls.secretName", "spark-cluster-tls") + + val KUBERNETES_GRAFANA_LOKI_ENABLED = Entry("livy.server.kubernetes.grafana.loki.enabled", false) + val KUBERNETES_GRAFANA_URL = Entry("livy.server.kubernetes.grafana.url", "http://localhost:3000";) + val KUBERNETES_GRAFANA_LOKI_DATASOURCE = + Entry("livy.server.kubernetes.grafana.loki.datasource", "loki") + val KUBERNETES_GRAFANA_TIME_RANGE = Entry("livy.server.kubernetes.grafana.timeRange", "6h") Review Comment: Great to add some docs about expectations to Grafana and Loki installation to make use of this configs. Same about installing Livy on K8s, we should give some guide to the community on how to set this up at least locally to play with. That will help to raise the adoption. I can help you with connecting the dots, ping me if you wanna discuss. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
