[jira] [Updated] (FLINK-24212) kerberos krb5.conf file is mounted as empty directory, not the expected file

Wed, 08 Sep 2021 04:54:09 -0700 


     [ 
https://issues.apache.org/jira/browse/FLINK-24212?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

LiuZeshan updated FLINK-24212:
------------------------------
    Description: 
>From FLINK-18971,we can mount kerberos krb5 conf file to pod with path 
>/etc/krb5.conf,however if the krb5 conf file is not named krb5.conf (e.g named 
>mykrb5.conf),the mount path /etc/krb5.conf in pod will be an empty directory, 
>not a file that we expect.
{code:java}
root@mykrb5-conf-test-6dd5c76f87-vfwh5:/# ls /etc/krb5.conf/ -la
total 8
drwxrwxrwx 2 root root 4096 Sep  8 10:42 .
drwxr-xr-x 1 root root 4096 Sep  8 10:42 ..{code}
 

 The reason is that, the code  in 
[KerberosMountDecrator#decroateFlinkPod|https://github.com/apache/flink/blob/7e91e82fca999ddefa7ebdf198b8cfd3b6998b8b/flink-kubernetes/src/main/java/org/apache/flink/kubernetes/kubeclient/decorators/KerberosMountDecorator.java#L110],
 we create the deployment like this: 
{code:java}
...
        volumeMounts:
        - mountPath: /etc/krb5.conf
          name: my-krb5conf-volume
          subPath: krb5.conf    
...
      volumes:
      - configMap:
          defaultMode: 420
          items:
          - key: mykrb5.conf
            path: mykrb5.conf
          name: my-krb5conf
        name: my-krb5conf-volume
{code}
path value should be set to const value "krb5.conf", not the file name that 
user provide (path: mykrb5.conf).

 we can use the yaml description file attachment to reproduce the problem.  
[^mykrb5conf.yaml]

 

  was:
>From [FLINK-18971],we can mount kerberos krb5 conf file to pod with path 
>/etc/krb5.conf,however if the krb5 conf file is not named krb5.conf (e.g named 
>mykrb5.conf),the mount path /etc/krb5.conf in pod will be an empty directory, 
>not the file the we expected.

 
{code:java}
root@mykrb5-conf-test-6dd5c76f87-vfwh5:/# ls /etc/krb5.conf/ -la
total 8
drwxrwxrwx 2 root root 4096 Sep  8 10:42 .
drwxr-xr-x 1 root root 4096 Sep  8 10:42 ..{code}
 

 

The reason is that, the code  in 
[KerberosMountDecrator#decroateFlinkPod|https://github.com/apache/flink/blob/7e91e82fca999ddefa7ebdf198b8cfd3b6998b8b/flink-kubernetes/src/main/java/org/apache/flink/kubernetes/kubeclient/decorators/KerberosMountDecorator.java#L110],
 we create the deployment like this:

 
{code:java}
        volumeMounts:
        - mountPath: /etc/krb5.conf
          name: my-krb5conf-volume
          subPath: krb5.conf    
...
      volumes:
      - configMap:
          defaultMode: 420
          items:
          - key: mykrb5.conf
            path: mykrb5.conf
          name: my-krb5conf
        name: my-krb5conf-volume
{code}
path: mykrb5.conf should be set to const value "krb5.conf", not the file name 
that user provide.

 

we can use the yaml description file attachment to reproduce the problem.  
[^mykrb5conf.yaml]

 

 


> kerberos krb5.conf file is mounted as empty directory, not the expected file
> ----------------------------------------------------------------------------
>
>                 Key: FLINK-24212
>                 URL: https://issues.apache.org/jira/browse/FLINK-24212
>             Project: Flink
>          Issue Type: Bug
>          Components: Deployment / Kubernetes
>    Affects Versions: 1.12.1, 1.13.1, 1.13.2
>            Reporter: LiuZeshan
>            Priority: Minor
>             Fix For: 1.14.1
>
>         Attachments: mykrb5conf.yaml
>
>
> From FLINK-18971,we can mount kerberos krb5 conf file to pod with path 
> /etc/krb5.conf,however if the krb5 conf file is not named krb5.conf (e.g 
> named mykrb5.conf),the mount path /etc/krb5.conf in pod will be an empty 
> directory, not a file that we expect.
> {code:java}
> root@mykrb5-conf-test-6dd5c76f87-vfwh5:/# ls /etc/krb5.conf/ -la
> total 8
> drwxrwxrwx 2 root root 4096 Sep  8 10:42 .
> drwxr-xr-x 1 root root 4096 Sep  8 10:42 ..{code}
>  
>  The reason is that, the code  in 
> [KerberosMountDecrator#decroateFlinkPod|https://github.com/apache/flink/blob/7e91e82fca999ddefa7ebdf198b8cfd3b6998b8b/flink-kubernetes/src/main/java/org/apache/flink/kubernetes/kubeclient/decorators/KerberosMountDecorator.java#L110],
>  we create the deployment like this: 
> {code:java}
> ...
>         volumeMounts:
>         - mountPath: /etc/krb5.conf
>           name: my-krb5conf-volume
>           subPath: krb5.conf    
> ...
>       volumes:
>       - configMap:
>           defaultMode: 420
>           items:
>           - key: mykrb5.conf
>             path: mykrb5.conf
>           name: my-krb5conf
>         name: my-krb5conf-volume
> {code}
> path value should be set to const value "krb5.conf", not the file name that 
> user provide (path: mykrb5.conf).
>  we can use the yaml description file attachment to reproduce the problem.  
> [^mykrb5conf.yaml]
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to