maomaodev opened a new pull request, #49467:
URL: https://github.com/apache/spark/pull/49467
<!--
Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, please read our contributor guidelines:
https://spark.apache.org/contributing.html
2. Ensure you have added or run the appropriate tests for your PR:
https://spark.apache.org/developer-tools.html
3. If the PR is unfinished, add '[WIP]' in your PR title, e.g.,
'[WIP][SPARK-XXXX] Your PR title ...'.
4. Be sure to keep the PR description updated to reflect all changes.
5. Please write your PR title to summarize what this PR proposes.
6. If possible, provide a concise example to reproduce the issue for a
faster review.
7. If you want to add a new configuration, please read the guideline first
for naming configurations in
'core/src/main/scala/org/apache/spark/internal/config/ConfigEntry.scala'.
8. If you want to add or modify an error type or message, please read the
guideline first in
'common/utils/src/main/resources/error/README.md'.
-->
### What changes were proposed in this pull request?
n this pr, for spark on k8s, the krb5.conf config map will be mounted in
executor side as well.
Before, the krb5.conf config map is only mounted in driver side. But
according to the parameter description, the krb5.conf file should be mounted on
both the driver and the executor.
```
val KUBERNETES_KERBEROS_KRB5_FILE =
ConfigBuilder("spark.kubernetes.kerberos.krb5.path")
.doc("Specify the local location of the krb5.conf file to be mounted
on the driver " +
"and executors for Kerberos. Note: The KDC defined needs to be " +
"visible from inside the containers ")
.version("3.0.0")
.stringConf
.createOptional
val KUBERNETES_KERBEROS_KRB5_CONFIG_MAP =
ConfigBuilder("spark.kubernetes.kerberos.krb5.configMapName")
.doc("Specify the name of the ConfigMap, containing the krb5.conf
file, to be mounted " +
"on the driver and executors for Kerberos. Note: The KDC defined" +
"needs to be visible from inside the containers ")
.version("3.0.0")
.stringConf
.createOptional
```
### Why are the changes needed?
After [SPARK-43504](https://issues.apache.org/jira/browse/SPARK-43504), the
hadoop config map will be mounted on the executor pod.
Now the executor pod fails to start because the hadoop conf file contains
Kerberos authentication configuration, but the executor does not mount
krb5.conf correctly.
See the https://github.com/apache/spark/pull/41181 discuss.
### Does this PR introduce _any_ user-facing change?
Yes, users do not need to take workarounds to make executors load the
krb5.conf.
Such as:
- including krb5.conf in executor image
- placing krb5.conf in executor working directory using --files
### How was this patch tested?
- UT.
- Manually test
1. After compiling the code successfully, I rebuilt the Spark image (the
image does not contain the /etc/krb5.conf file) and used the new client to
submit.
2. Prior to this PR, the executor pod fails to start, logs showed an
error: java.lang.IllegalArgumentException: Can't get Kerberos realm. Because
krb5.conf was not mounted to the executor pod correctly.
3. After this PR, the executor pod starts successfully, and the executor
pod logs show Kerberos authentication, with the same krb5.conf config map
mounted as the driver pod.
<img width="1445" alt="企业微信20250113-154711@2x"
src="https://github.com/user-attachments/assets/92e379df-b1dd-4fa7-b125-7fbb114d478e";
/>
<img width="1433" alt="企业微信20250113-154442@2x"
src="https://github.com/user-attachments/assets/d899d4bf-9fe0-42b9-890e-62ff0115e79a";
/>
### Was this patch authored or co-authored using generative AI tooling?
no
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
