[SPARK-45175][K8S] download krb5.conf from remote storage in spark-submit on k8s#42943
[SPARK-45175][K8S] download krb5.conf from remote storage in spark-submit on k8s#42943dcoliversun wants to merge 1 commit intoapache:masterfrom
Conversation
dcoliversun
force-pushed
the
SPARK-45175
branch
from
5cf0880 to
130ce4a
Compare
dcoliversun
changed the title
|
@dongjoon-hyun It would be good if you have time to review this PR |
|
What if the remote storage requires login via Kerberos before accessing it? |
|
I have the same question with @yaooqinn . Since this is in |
|
@dongjoon-hyun @yaooqinn Thanks for your review. And this is a good question. The specific scenario of this PR is to support users to use krb5.conf on cloud storage, in which authentication is AccessKey. This PR does not support remote services authenticated as Kerberos. I haven't thought of an implementation plan for this yet. Do you have any suggestions? |
|
I'm just wondering if this is a recommended way in the Kerberos community. In any way, you are suggesting to bypass Kerberos security environment in order to download
|
|
@dongjoon-hyun @yaooqinn Back to multi-tenant scenarios, I find Apache spark provide Since this PR cannot support kerberos-based services, I will close it. And Thanks for your time :) |
|
Thank you for your decision, @dcoliversun . |
3 participants
What changes were proposed in this pull request?
krb5.conf currently only supports the local file format. Tenants would like to save this file on their own servers and download it during the spark-submit phase for better implementation of multi-tenant scenarios.
Why are the changes needed?
Currently,
spark.kubernetes.kerberos.krb5.pathsupports only local files.With this PR, we can do the following.
Does this PR introduce any user-facing change?
Yes, this is an improvement.
How was this patch tested?
Add k8s integration test.
Was this patch authored or co-authored using generative AI tooling?
No