[ 
https://issues.apache.org/jira/browse/SPARK-25024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16594933#comment-16594933
 ] 

Rob Vesse commented on SPARK-25024:
-----------------------------------

[~tgraves] Attempting to answer your questions:

* We never used cluster mode so can't comment
* Yes and no
** Similar to YARN it does the login locally in the client and then uses HDFS 
delegation tokens so it doesn't ship the keytabs AFAIK but it does ship the 
delegation tokens
* We never used Spark Shuffle Service either so can't comment
* Yes
** Mesos does authentication at the framework level rather than the user level 
so it depends on your setup.  You might have setups where there is a single 
principal and secret used by all Spark users or you might have setups where you 
create a principal and secret for each user.  You can optionally do ACLs within 
Mesos for each framework principal including configuring things like which 
users a framework is allowed to launch jobs as.
* Again not used this feature, think these are similar to K8S secrets in that 
they are created separately and you are just passing identifiers for these to 
Spark and Mesos takes care of providing these securely to your jobs.

Generally we have dropped use of Spark on Mesos in favour of Spark on K8S 
because the security story for Mesos was poor and we had to do a lot of extra 
stuff to provide multi-tenancy whereas with K8S a lot more was available out of 
the box (even if secure HDFS support has yet to land in mainline Spark).

> Update mesos documentation to be clear about security supported
> ---------------------------------------------------------------
>
>                 Key: SPARK-25024
>                 URL: https://issues.apache.org/jira/browse/SPARK-25024
>             Project: Spark
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 2.2.2
>            Reporter: Thomas Graves
>            Priority: Major
>
> I was reading through our mesos deployment docs and security docs and it's not 
> clear at all what type of security and how to set it up for mesos.  I think 
> we should clarify this and have something about exactly what is supported and 
> what is not.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
