[ 
https://issues.apache.org/jira/browse/SPARK-26239?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16715521#comment-16715521
 ] 

ASF GitHub Bot commented on SPARK-26239:
----------------------------------------

mccheah commented on a change in pull request #23252: [SPARK-26239] File-based secret key loading for SASL.
URL: https://github.com/apache/spark/pull/23252#discussion_r240370643
 
 

 ##########
 File path: core/src/main/scala/org/apache/spark/internal/config/package.scala
 ##########
 @@ -419,6 +419,34 @@ package object config {
       .booleanConf
       .createWithDefault(false)
 
+  private[spark] val AUTH_SECRET_FILE =
+    ConfigBuilder("spark.authenticate.secret.file")
+      .doc("Path to a file that contains the authentication secret to use. The 
secret key is" +
+        " loaded from this path on both the driver and the executors if 
overrides are not set for" +
+        " either entity (see below).")
+      .stringConf
+      .createOptional
+
+  private[spark] val AUTH_SECRET_FILE_DRIVER =
+    ConfigBuilder("spark.authenticate.secret.driver.file")
+      .doc("Path to a file that contains the authentication secret to use. 
Loaded by the" +
+        " driver. In Kubernetes client mode it is often useful to set a 
different secret" +
+        " path for the driver vs. the executors, since the driver may not be 
running in" +
+        " a pod unlike the executors. If this is set, an accompanying secret 
file must" +
+        " be specified for the executors. The fallback configuration allows 
the same path to be" +
+        " used for both the driver and the executors when running in cluster 
mode.")
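
Review bot: The doc string for spark.authenticate.secret.driver.file says "an accompanying secret file must be specified for the executors" but does not name the executor-side configuration key, and it never states that the driver and executor files must hold the same secret while only their paths may differ. Suggest naming the executor key in this doc and adding a sentence such as "The contents of the driver and executor secret files must be identical." In the spark.authenticate.secret.file doc, "(see below)" depends on source order and will not make sense in rendered configuration documentation; name the override keys there instead.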
 
 Review comment:
   The contents of the file must be the same. The locations may be different or 
the same given the configuration matrix proposed here.



> Add configurable auth secret source in k8s backend
> --------------------------------------------------
>
>                 Key: SPARK-26239
>                 URL: https://issues.apache.org/jira/browse/SPARK-26239
>             Project: Spark
>          Issue Type: New Feature
>          Components: Kubernetes
>    Affects Versions: 3.0.0
>            Reporter: Marcelo Vanzin
>            Priority: Major
>
> This is a follow up to SPARK-26194, which aims to add auto-generated secrets 
> similar to the YARN backend.
> There's a desire to support different ways to generate and propagate these 
> auth secrets (e.g. using things like Vault). Need to investigate:
> - exposing configuration to support that
> - changing SecurityManager so that it can delegate some of the 
> secret-handling logic to custom implementations
> - figuring out whether this can also be used in client-mode, where the driver 
> is not created by the k8s backend in Spark.


