spark-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From trung kien <kient...@gmail.com>
Subject Kubernetes security context when submitting job through k8s servers
Date Mon, 09 Jul 2018 21:05:46 GMT
Dear all,

Is there any way to includes security context (
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
when submitting job through k8s servers?

I'm trying to first spark jobs on Kubernetes through spark-submit:

bin/spark-submit --master k8s://https://API_SERVERS --deploy-mode cluster
--name spark-pi --class org.apache.spark.examples.SparkPi --conf
spark.kubernetes.namespace=NAMESPACE --conf spark.executor.instances=3
--conf spark.kubernetes.container.image=<SPARK_IMAGE> --conf
spark.kubernetes.driver.pod.name=spark-pi-driver
local:///opt/spark/examples/jars/spark-examples_2.11-2.3.1.jar

But the job was rejected because the pod (created by spark-submit) doesn't
have security context to run as my account (Our policy doesn't allow us to
runAsUser root)

I check the code under KubernetesClientApplication.scala
<https://github.com/apache/spark/blob/master/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/k8s/submit/KubernetesClientApplication.scala>,
it doesn't seems to support security context by configuration.

Is there any solution to get arround this issue? is there any patch that
support this?

-- 
Thanks
Kien

Mime
View raw message