[ https://issues.apache.org/jira/browse/SPARK-24232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16472561#comment-16472561 ]
Yinan Li edited comment on SPARK-24232 at 5/11/18 7:55 PM: ----------------------------------------------------------- We should keep the current semantics of `spark.kubernetes.driver.secrets.<name>=<mount path>`. The proposal you have above is likely confusing to existing users who already use `spark.kubernetes.driver.secrets.<name>=<mount path>`. It also makes the code unnecessarily complicated. Like what I said on Slack, it's better to do this through a new property prefix, e.g., `spark.kubernetes.driver.secretKeyRef.`. We also need the same for executors. See [http://spark.apache.org/docs/latest/running-on-kubernetes.html#secret-management]. was (Author: liyinan926): We should keep the current semantics of `spark.kubernetes.driver.secrets.<name>=<mount path>`. The proposal you have above is a breaking change for existing users who already use `spark.kubernetes.driver.secrets.<name>=<mount path>`. Like what I said on Slack, it's better to do this through a new property prefix, e.g., `spark.kubernetes.driver.secretKeyRef.`. We also need the same for executors. See http://spark.apache.org/docs/latest/running-on-kubernetes.html#secret-management. > Allow referring to kubernetes secrets as env variable > ----------------------------------------------------- > > Key: SPARK-24232 > URL: https://issues.apache.org/jira/browse/SPARK-24232 > Project: Spark > Issue Type: New Feature > Components: Kubernetes > Affects Versions: 2.3.0 > Reporter: Dharmesh Kakadia > Priority: Major > > Allow referring to kubernetes secrets in the driver process via environment > variables. This will allow developers to use secretes without leaking them in > the code and at the same time secrets can be decoupled and managed > separately. This can be used to refer to passwords, certificates etc while > talking to other service (jdbc passwords, storage keys etc). > So, at the deployment time, something like > ``spark.kubernetes.driver.secretKeyRef.[EnvName]=<key>`` can be specified > which will make [EnvName].[key] available as an environment variable and in > the code its always referred as env variable [key]. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org