[
https://issues.apache.org/jira/browse/SPARK-25825?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16670715#comment-16670715
]
Apache Spark commented on SPARK-25825:
--------------------------------------
User 'ifilonenko' has created a pull request for this issue:
https://github.com/apache/spark/pull/22915
> Kerberos Support for Long Running Jobs in Kubernetes
> -----------------------------------------------------
>
> Key: SPARK-25825
> URL: https://issues.apache.org/jira/browse/SPARK-25825
> Project: Spark
> Issue Type: New Feature
> Components: Kubernetes
> Affects Versions: 3.0.0
> Reporter: Ilan Filonenko
> Priority: Major
>
> When provided with a --keytab and --principal combination, there is an
> expectation that Kubernetes would leverage the Driver to spin up a renewal
> thread to handle token renewal. However, in the case that a --keytab and
> --principal are not provided and instead a secretName and secretItemKey is
> provided, there should be an option to specify a config that specifies that a
> external renewal service exists. The driver should, therefore, be responsible
> for discovering changes to the secret and send the updated token data to the
> executor with the UpdateDelegationTokens message. Thereby enabling token
> renewal given just a secret in addition to the traditional use-case via
> --keytab and --principal
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
