mbalassi commented on pull request #17582: URL: https://github.com/apache/flink/pull/17582#issuecomment-995062008
It problem is funny, when we add the `KerberosMountDecorator` it instantiates a `SecurityConfiguration`, which in its [validate](https://github.com/apache/flink/blob/master/flink-runtime/src/main/java/org/apache/flink/runtime/security/SecurityConfiguration.java#L140-L162) method checks that the keytab location exists and is readable. The tests runs successfully if I disable the validation. The reason while the validation fails is that the configuration is already updated to the keytab location that will be valid in the taskmanager pod, but we perform the validation on the local machine running the test. A naive approach to solving this would be modify the implementation of the `KerberosMountDecorator` to instead of using the `SecurityConfiguration` simply get the [kerberos configs](https://github.com/apache/flink/blob/master/flink-kubernetes/src/main/java/org/apache/flink/kubernetes/kubeclient/decorators/KerberosMountDecorator.java#L67-L68) directly from the underlying (general flink) `Configuration` object, thus effectively circumventing the security configuration validation. I dislike this approach, we should rather coordinate the validation and the property setting just noting it to illustrate my point. 😊 @viirya could you please confirm whether this test runs in your environment? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
