K8S-1077 (apache#598)

AlexNavara · web-flow · commit 744e4ae62646 · 2019-12-09T22:10:13.000+02:00
* K8S-1077 - use single k8s secret with user info
diff --git a/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/k8s/Config.scala b/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/k8s/Config.scala
@@ -305,27 +305,17 @@ private[spark] object Config extends Logging {
       .stringConf
       .createWithDefault("mapr-cluster-cm")
 
-  val MAPR_CLUSTER_USER_SECRETS =
-    ConfigBuilder("spark.mapr.user.secrets")
+  val MAPR_USER_SECRET =
+    ConfigBuilder("spark.mapr.user.secret")
       .doc("Name of the mapr user secrets")
       .stringConf
-      .createWithDefault("mapr-user-secrets")
+      .createWithDefault("mapr-user-secret")
 
   val MAPR_TICKET_SECRET_KEY =
     ConfigBuilder("spark.mapr.ticket.secret.key")
       .stringConf
       .createWithDefault("CONTAINER_TICKET")
 
-  val MAPR_TICKET_SECRET_PREFIX =
-    ConfigBuilder("spark.mapr.ticket.secret.prefix")
-      .stringConf
-      .createWithDefault("mapr-ticket")
-
-  val MAPR_SSL_SECRET_PREFIX =
-    ConfigBuilder("spark.mapr.ssl.secret.prefix")
-      .stringConf
-      .createWithDefault("mapr-cluster-secrets")
-
   val KUBERNETES_AUTH_SUBMISSION_CONF_PREFIX =
     "spark.kubernetes.authenticate.submission"
 
diff --git a/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/k8s/features/MaprConfigFeatureStep.scala b/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/k8s/features/MaprConfigFeatureStep.scala
@@ -1,11 +1,11 @@
 package org.apache.spark.deploy.k8s.features
 
 import scala.collection.JavaConverters._
-import io.fabric8.kubernetes.api.model.{ContainerBuilder, EnvVarBuilder, HasMetadata}
+import io.fabric8.kubernetes.api.model.{ContainerBuilder, EnvVarBuilder, HasMetadata, PodBuilder, VolumeBuilder}
 import org.apache.spark.SparkConf
+import org.apache.spark.deploy.k8s.{KubernetesConf, KubernetesRoleSpecificConf, SparkPod}
 import org.apache.spark.deploy.k8s.Config._
 import org.apache.spark.deploy.k8s.Constants._
-import org.apache.spark.deploy.k8s.{KubernetesConf, KubernetesRoleSpecificConf, SparkPod}
 
 private[spark] class MaprConfigFeatureStep(
     conf: KubernetesConf[_ <: KubernetesRoleSpecificConf])
@@ -22,50 +22,47 @@ private[spark] class MaprConfigFeatureStep(
           .build()
       }
 
-    val maprTicketSecret =
-      s"$KUBERNETES_DRIVER_SECRETS_PREFIX${sparkConf.get(MAPR_TICKET_SECRET_PREFIX)}"
-
-    val maprTicketEnv = sparkConf
-      .getAllWithPrefix(maprTicketSecret).toSeq
-      .map { case (_, value) =>
-        new EnvVarBuilder()
-          .withName(MAPR_TICKETFILE_LOCATION)
-          .withValue(value + s"/${sparkConf.get(MAPR_TICKET_SECRET_KEY)}")
-          .build()
-      }
-
-    val maprSslSecret =
-      s"$KUBERNETES_DRIVER_SECRETS_PREFIX${sparkConf.get(MAPR_SSL_SECRET_PREFIX)}"
-
-    val maprSslEnv = sparkConf
-      .getAllWithPrefix(maprSslSecret).toSeq
-      .map { case (_, value) =>
-        new EnvVarBuilder()
-          .withName(MAPR_SSL_LOCATION)
-          .withValue(value)
-          .build()
-      }
-
     val clusterConfMap = sparkConf.get(MAPR_CLUSTER_CONFIGMAP).toString
-    val clusterUserSecrets = sparkConf.get(MAPR_CLUSTER_USER_SECRETS).toString
+    val userSecret = sparkConf.get(MAPR_USER_SECRET).toString
+    val userSecretVolumeName = s"$userSecret-volume"
+    val userSecretMountPath = "/tmp/maprticket"
+    val ticketFileLocation = s"$userSecretMountPath/${sparkConf.get(MAPR_TICKET_SECRET_KEY)}"
+
+    val maprPod = new PodBuilder(pod.pod)
+      .editOrNewSpec()
+      .addToVolumes(
+        new VolumeBuilder()
+          .withName(userSecretVolumeName)
+          .withNewSecret()
+            .withSecretName(userSecret)
+          .endSecret()
+          .build())
+      .endSpec()
+      .build()
 
-    val container = new ContainerBuilder(pod.container)
+    val maprContainer = new ContainerBuilder(pod.container)
       .addAllToEnv(clusterEnvs.asJava)
-      .addAllToEnv(maprTicketEnv.asJava)
-      .addAllToEnv(maprSslEnv.asJava)
+      .addNewEnv()
+        .withName(MAPR_TICKETFILE_LOCATION)
+        .withValue(ticketFileLocation)
+      .endEnv()
+      .addNewVolumeMount()
+        .withName(userSecretVolumeName)
+        .withMountPath(userSecretMountPath)
+      .endVolumeMount()
       .addNewEnvFrom()
         .withNewConfigMapRef()
           .withName(clusterConfMap)
           .endConfigMapRef()
         .endEnvFrom()
       .addNewEnvFrom()
         .withNewSecretRef()
-          .withName(clusterUserSecrets)
+          .withName(userSecret)
           .endSecretRef()
         .endEnvFrom()
       .build()
 
-    SparkPod(pod.pod, container)
+    SparkPod(maprPod, maprContainer)
   }
 
   override def getAdditionalPodSystemProperties(): Map[String, String] = Map.empty
