Github user ifilonenko commented on the issue:
https://github.com/apache/spark/pull/21669
@vanzin This PR does not include the renew service pod as that will live as
a separate micro-service. But the current design has the `KubernetesClient`
creating the delegation tokens and storing them in secrets that are shared by
the driver and executors. As such, because the `Client` is doing the creation,
the driver is unable to renew the tokens as the keytab/principle are not passed
into the driver, thereby, by design, asking for a separate micro-service to
update the secrets, which the driver and executors will immediately detect upon
change. So your feedback on the renew service pod is definitely welcomed here.
Just as a status report on the state of the PR, the `KubernetesClient` can
successfully create the DT and is storing it in a secret that the driver is
mounting on the container. However the Driver is unable to login, via the
hadoopUGI mechanism, because of a `javax.security.auth.login.LoginException`
error that arises from the UnixUsername being `null`.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
