Github user mccheah commented on a diff in the pull request: https://github.com/apache/spark/pull/21748#discussion_r202772018 --- Diff: docs/running-on-kubernetes.md --- @@ -399,18 +426,18 @@ specific to Spark on Kubernetes. <td> Path to the CA cert file for connecting to the Kubernetes API server over TLS from the driver pod when requesting executors. This file must be located on the submitting machine's disk, and will be uploaded to the driver pod. - Specify this as a path as opposed to a URI (i.e. do not provide a scheme). + Specify this as a path as opposed to a URI (i.e. do not provide a scheme). In client mode, use + <code>spark.kubernetes.authenticate.caCertFile</code> instead. </td> </tr> <tr> <td><code>spark.kubernetes.authenticate.driver.clientKeyFile</code></td> <td>(none)</td> <td> Path to the client key file for authenticating against the Kubernetes API server from the driver pod when requesting - executors. This file must be located on the submitting machine's disk, and will be uploaded to the driver pod. - Specify this as a path as opposed to a URI (i.e. do not provide a scheme). If this is specified, it is highly - recommended to set up TLS for the driver submission server, as this value is sensitive information that would be - passed to the driver pod in plaintext otherwise. --- End diff -- This comment is very much out of date actually, it's referring to an old version of this code where we didn't use K8s secrets to push this data, but we instead used a custom HTTP server mounted on the driver. It's from before this was merged into apache/master.
--- --------------------------------------------------------------------- To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org For additional commands, e-mail: reviews-h...@spark.apache.org