[jira] [Comment Edited] (SPARK-24232) Allow referring to kubernetes secrets as env variable

Yinan Li (JIRA) Fri, 11 May 2018 12:56:20 -0700

    [ 
https://issues.apache.org/jira/browse/SPARK-24232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16472561#comment-16472561
 ]


Yinan Li edited comment on SPARK-24232 at 5/11/18 7:55 PM:
-----------------------------------------------------------

We should keep the current semantics of 
`spark.kubernetes.driver.secrets.<name>=<mount path>`. The proposal you have 
above is likely confusing to existing users who already use 
`spark.kubernetes.driver.secrets.<name>=<mount path>`. It also makes the code 
unnecessarily complicated. Like what I said on Slack, it's better to do this 
through a new property prefix, e.g., `spark.kubernetes.driver.secretKeyRef.`. 
We also need the same for executors. See 
[http://spark.apache.org/docs/latest/running-on-kubernetes.html#secret-management].


was (Author: liyinan926):
We should keep the current semantics of 
`spark.kubernetes.driver.secrets.<name>=<mount path>`. The proposal you have 
above is a breaking change for existing users who already use 
`spark.kubernetes.driver.secrets.<name>=<mount path>`. Like what I said on 
Slack, it's better to do this through a new property prefix, e.g., 
`spark.kubernetes.driver.secretKeyRef.`. We also need the same for executors. 
See 
http://spark.apache.org/docs/latest/running-on-kubernetes.html#secret-management.

> Allow referring to kubernetes secrets as env variable
> -----------------------------------------------------
>
>                 Key: SPARK-24232
>                 URL: https://issues.apache.org/jira/browse/SPARK-24232
>             Project: Spark
>          Issue Type: New Feature
>          Components: Kubernetes
>    Affects Versions: 2.3.0
>            Reporter: Dharmesh Kakadia
>            Priority: Major
>
> Allow referring to kubernetes secrets in the driver process via environment 
> variables. This will allow developers to use secretes without leaking them in 
> the code and at the same time secrets can be decoupled and managed 
> separately. This can be used to refer to passwords, certificates etc while 
> talking to other service (jdbc passwords, storage keys etc).
> So, at the deployment time, something like 
> ``spark.kubernetes.driver.secretKeyRef.[EnvName]=<key>`` can be specified 
> which will make [EnvName].[key] available as an environment variable and in 
> the code its always referred as env variable [key].



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org

[jira] [Comment Edited] (SPARK-24232) Allow referring to kubernetes secrets as env variable

Reply via email to