Github user ifilonenko commented on a diff in the pull request:
https://github.com/apache/spark/pull/21669#discussion_r207281949
--- Diff:
resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/k8s/submit/KubernetesClientApplication.scala
---
@@ -107,7 +109,14 @@ private[spark] class Client(
def run(): Unit = {
val resolvedDriverSpec = builder.buildFromFeatures(kubernetesConf)
val configMapName = s"$kubernetesResourceNamePrefix-driver-conf-map"
- val configMap = buildConfigMap(configMapName,
resolvedDriverSpec.systemProperties)
+ val isKerberosEnabled =
kubernetesConf.getTokenManager.isSecurityEnabled
+ // HADOOP_SECURITY_AUTHENTICATION is defined as simple for the driver
and executors as
+ // they need only the delegation token to access secure HDFS, no need
to sign in to Kerberos
+ val maybeSimpleAuthentication =
+ if (isKerberosEnabled) Some((s"-D$HADOOP_SECURITY_AUTHENTICATION",
"simple")) else None
--- End diff --
I agree that the uses cases presented above require Kerberos login on the
driver and executors. I will address these concerns in my followup commit.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
