-
Notifications
You must be signed in to change notification settings - Fork 118
-
Notifications
You must be signed in to change notification settings - Fork 118
Duplicated secret volume in pod spec #594
Comments
Ah, yes, this is a bug. I will fix this both upstream into branch-2.3 and here. |
@liyinan926 Thanks. I have a patch available. If you have not started, I could file a PR for it. |
@hex108 Thanks for creating a patch! Can you create a PR? Thanks! |
@hex108 Since the same bug has also been upstreamed into apache/branch-2.3 and it's critical and urgent to get the fix into 2.3, I went ahead and created a PR apache#20148 against apache/branch-2.3. Please take a look at that PR and let us know if the fix is reasonable to you. Thanks for reporting the bug and feel free to suggest a different fix if necessary! |
@liyinan926 A little later... I'll review it. Will close #595 soon. |
Thanks! @hex108. I saw your PR, and it looks like your PR is doing semantically the same fix. Please don't close the PR for now as the fix is needed for this fork anyway. |
…container is used ## What changes were proposed in this pull request? User-specified secrets are mounted into both the main container and init-container (when it is used) in a Spark driver/executor pod, using the `MountSecretsBootstrap`. Because `MountSecretsBootstrap` always adds new secret volumes for the secrets to the pod, the same secret volumes get added twice, one when mounting the secrets to the main container, and the other when mounting the secrets to the init-container. This PR fixes the issue by separating `MountSecretsBootstrap.mountSecrets` out into two methods: `addSecretVolumes` for adding secret volumes to a pod and `mountSecrets` for mounting secret volumes to a container, respectively. `addSecretVolumes` is only called once for each pod, whereas `mountSecrets` is called individually for the main container and the init-container (if it is used). Ref: apache-spark-on-k8s#594. ## How was this patch tested? Unit tested and manually tested. vanzin This replaces #20148. hex108 foxish kimoonkim Author: Yinan Li <liyinan926@gmail.com> Closes #20159 from liyinan926/master. (cherry picked from commit e288fc8) Signed-off-by: Marcelo Vanzin <vanzin@cloudera.com>
…container is used ## What changes were proposed in this pull request? User-specified secrets are mounted into both the main container and init-container (when it is used) in a Spark driver/executor pod, using the `MountSecretsBootstrap`. Because `MountSecretsBootstrap` always adds new secret volumes for the secrets to the pod, the same secret volumes get added twice, one when mounting the secrets to the main container, and the other when mounting the secrets to the init-container. This PR fixes the issue by separating `MountSecretsBootstrap.mountSecrets` out into two methods: `addSecretVolumes` for adding secret volumes to a pod and `mountSecrets` for mounting secret volumes to a container, respectively. `addSecretVolumes` is only called once for each pod, whereas `mountSecrets` is called individually for the main container and the init-container (if it is used). Ref: apache-spark-on-k8s#594. ## How was this patch tested? Unit tested and manually tested. vanzin This replaces #20148. hex108 foxish kimoonkim Author: Yinan Li <liyinan926@gmail.com> Closes #20159 from liyinan926/master.
When specifying secret(e.g.
--conf spark.kubernetes.driver.secrets.test=pass
) in spark-submit command line, there will be an error "Duplicate value "XXX-volume". Because the volume is added twice to pod spec: mountSecret for main container, mountSecret for init container.Command line:
$ bin/spark-submit --deploy-mode cluster --class org.apache.spark.examples.SparkPi
--master k8s://http://localhost:8080 --kubernetes-namespace default
--conf spark.executor.instances=5
--conf spark.app.name=spark-pi
--conf spark.kubernetes.driver.docker.image=jungong/spark-driver:hdfs
--conf spark.kubernetes.executor.docker.image=jungong/spark-executor:hdfs
--conf spark.kubernetes.initcontainer.docker.image=jungong/spark-init:hdfs
--conf spark.kubernetes.resourceStagingServer.uri=http://10.178.106.222:31000
--conf spark.kubernetes.initcontainer.inannotation=true
--conf spark.kubernetes.driver.secrets.test=pass
examples/jars/spark-examples_2.11-2.2.0-k8s-0.5.0.jar
Error message:
The text was updated successfully, but these errors were encountered: