surahman commented on pull request #3710:
URL: https://github.com/apache/incubator-heron/pull/3710#issuecomment-939336529
@nicknezis I am confirming that all items are being carried over from the
provided Pod Template. `Environment` and `Limits` variables are being augmented
with all Heron defaults taking precedence. We need to consider whether we need
to augment the `Ports`, `Volume Mounts`, and the `Resource Requests`.
Any container provided in the Pod Template that is not named as `executor`
is being discarded. The image provided for the `executor` is overwritten by
the Heron default value. This is for security concerns.
In the example below I have added some random `Environment` variables to
demonstrate:
<details><summary>pos-template.yaml</summary>
```yaml
apiVersion: v1
kind: PodTemplate
metadata:
name: pod-template-example
namespace: default
template:
metadata:
name: acking-pod-template-example
spec:
containers:
- name: executor
securityContext:
allowPrivilegeEscalation: false
env:
- name: Porsche
value: "992 4S GTS"
- name: Porsche
value: "992 GT3 Touring"
- name: Everything-Else
value: "turds"
- name: BusyBox
image: busybox:latest
env:
- name: BusyBox_ENV
value: "should not exist"
```
</details>
<details><summary>kubectl describe pods acking-0</summary>
```bash
Name: acking-0
Namespace: default
Priority: 0
Node: minikube/192.168.49.2
Start Time: Sat, 09 Oct 2021 13:39:11 -0400
Labels: app=heron
controller-revision-hash=acking-7f746f959c
statefulset.kubernetes.io/pod-name=acking-0
topology=acking
Annotations: prometheus.io/port: 8080
prometheus.io/scrape: true
Status: Running
IP: 172.17.0.9
IPs:
IP: 172.17.0.9
Controlled By: StatefulSet/acking
Containers:
executor:
Container ID:
docker://2dfcf887ef3eb6893716ebf8a97953a94c27723b2df7649dadb1763e8d5408f5
Image: apache/heron:testbuild
Image ID:
docker://sha256:dfea9b424c7cf8061d495969b54cf862a2cabb582b1576d0f9d0f7cd060a1f7e
Ports: 6005/TCP, 6006/TCP, 6008/TCP, 6003/TCP, 6004/TCP,
6009/TCP, 6001/TCP, 6002/TCP, 6007/TCP
Host Ports: 0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP,
0/TCP
Command:
sh
-c
./heron-core/bin/heron-downloader-config kubernetes &&
./heron-core/bin/heron-downloader
distributedlog://zookeeper:2181/heronbkdl/acking-saad-tag-0--1080570153153064408.tar.gz
. && SHARD_ID=${POD_NAME##*-} && echo shardId=${SHARD_ID} &&
./heron-core/bin/heron-executor --topology-name=acking
--topology-id=ackingfef5147f-5e10-4515-98bd-82342e957919
--topology-defn-file=acking.defn --state-manager-connection=zookeeper:2181
--state-manager-root=/heron
--state-manager-config-file=./heron-conf/statemgr.yaml
--tmanager-binary=./heron-core/bin/heron-tmanager
--stmgr-binary=./heron-core/bin/heron-stmgr
--metrics-manager-classpath=./heron-core/lib/metricsmgr/*
--instance-jvm-opts="LVhYOitIZWFwRHVtcE9uT3V0T2ZNZW1vcnlFcnJvcg(61)(61)"
--classpath=heron-api-examples.jar
--heron-internals-config-file=./heron-conf/heron_internals.yaml
--override-config-file=./heron-conf/override.yaml
--component-ram-map=exclaim1:1073741824,word:1073741824 --component-jvm-opts=""
--pkg-type=jar --topology-b
inary-file=heron-api-examples.jar --heron-java-home=$JAVA_HOME
--heron-shell-binary=./heron-core/bin/heron-shell --cluster=kubernetes
--role=saad --environment=default
--instance-classpath=./heron-core/lib/instance/*
--metrics-sinks-config-file=./heron-conf/metrics_sinks.yaml
--scheduler-classpath=./heron-core/lib/scheduler/*:./heron-core/lib/packing/*:./heron-core/lib/statemgr/*
--python-instance-binary=./heron-core/bin/heron-python-instance
--cpp-instance-binary=./heron-core/bin/heron-cpp-instance
--metricscache-manager-classpath=./heron-core/lib/metricscachemgr/*
--metricscache-manager-mode=disabled --is-stateful=false
--checkpoint-manager-classpath=./heron-core/lib/ckptmgr/*:./heron-core/lib/statefulstorage/*:
--stateful-config-file=./heron-conf/stateful.yaml
--checkpoint-manager-ram=1073741824 --health-manager-mode=disabled
--health-manager-classpath=./heron-core/lib/healthmgr/* --shard=$SHARD_ID
--server-port=6001 --tmanager-controller-port=6002 --tmanager-stats-port=6003
--sh
ell-port=6004 --metrics-manager-port=6005 --scheduler-port=6006
--metricscache-manager-server-port=6007 --metricscache-manager-stats-port=6008
--checkpoint-manager-port=6009
State: Running
Started: Sat, 09 Oct 2021 13:39:12 -0400
Ready: True
Restart Count: 0
Limits:
cpu: 3
memory: 4Gi
Requests:
cpu: 3
memory: 4Gi
Environment:
Everything-Else: turds
Porsche: 992 GT3 Touring
POD_NAME: acking-0 (v1:metadata.name)
Porsche: 992 4S GTS
HOST: (v1:status.podIP)
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from
kube-api-access-p9hwk (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
kube-api-access-p9hwk:
Type: Projected (a volume that contains injected data
from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: Guaranteed
Node-Selectors: <none>
Tolerations: node.alpha.kubernetes.io/notReady:NoExecute
op=Exists for 10s
node.alpha.kubernetes.io/unreachable:NoExecute
op=Exists for 10s
node.kubernetes.io/not-ready:NoExecute
op=Exists for 10s
node.kubernetes.io/unreachable:NoExecute
op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 21s default-scheduler Successfully assigned
default/acking-0 to minikube
Normal Pulled 20s kubelet Container image
"apache/heron:testbuild" already present on machine
Normal Created 20s kubelet Created container executor
Normal Started 20s kubelet Started container executor
```
</details>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
