Github user ifilonenko commented on the issue: https://github.com/apache/spark/pull/21669 @vanzin This PR does not include the renew service pod as that will live as a separate micro-service. But the current design has the `KubernetesClient` creating the delegation tokens and storing them in secrets that are shared by the driver and executors. As such, because the `Client` is doing the creation, the driver is unable to renew the tokens as the keytab/principle are not passed into the driver, thereby, by design, asking for a separate micro-service to update the secrets, which the driver and executors will immediately detect upon change. So your feedback on the renew service pod is definitely welcomed here. Just as a status report on the state of the PR, the `KubernetesClient` can successfully create the DT and is storing it in a secret that the driver is mounting on the container. However the Driver is unable to login, via the hadoopUGI mechanism, because of a `javax.security.auth.login.LoginException` error that arises from the UnixUsername being `null`.
--- --------------------------------------------------------------------- To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org For additional commands, e-mail: reviews-h...@spark.apache.org