Github user mccheah commented on a diff in the pull request:
https://github.com/apache/spark/pull/21748#discussion_r202772018
--- Diff: docs/running-on-kubernetes.md ---
@@ -399,18 +426,18 @@ specific to Spark on Kubernetes.
<td>
Path to the CA cert file for connecting to the Kubernetes API server
over TLS from the driver pod when requesting
executors. This file must be located on the submitting machine's disk,
and will be uploaded to the driver pod.
- Specify this as a path as opposed to a URI (i.e. do not provide a
scheme).
+ Specify this as a path as opposed to a URI (i.e. do not provide a
scheme). In client mode, use
+ <code>spark.kubernetes.authenticate.caCertFile</code> instead.
</td>
</tr>
<tr>
<td><code>spark.kubernetes.authenticate.driver.clientKeyFile</code></td>
<td>(none)</td>
<td>
Path to the client key file for authenticating against the Kubernetes
API server from the driver pod when requesting
- executors. This file must be located on the submitting machine's disk,
and will be uploaded to the driver pod.
- Specify this as a path as opposed to a URI (i.e. do not provide a
scheme). If this is specified, it is highly
- recommended to set up TLS for the driver submission server, as this
value is sensitive information that would be
- passed to the driver pod in plaintext otherwise.
--- End diff --
This comment is very much out of date actually, it's referring to an old
version of this code where we didn't use K8s secrets to push this data, but we
instead used a custom HTTP server mounted on the driver. It's from before this
was merged into apache/master.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
