[
https://issues.apache.org/jira/browse/SPARK-26239?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16715438#comment-16715438
]
ASF GitHub Bot commented on SPARK-26239:
----------------------------------------
tgravescs commented on a change in pull request #23252: [SPARK-26239]
File-based secret key loading for SASL.
URL: https://github.com/apache/spark/pull/23252#discussion_r240348714
##########
File path: docs/security.md
##########
@@ -66,6 +66,50 @@ Kubernetes admin to ensure that Spark authentication is
secure.
</tr>
</table>
+Alternatively, one can mount authentication secrets using files and Kubernetes
secrets that
+the user mounts into their pods.
+
+<table class="table">
+<tr><th>Property Name</th><th>Default</th><th>Meaning</th></tr>
+<tr>
+ <td><code>spark.authenticate.secret.file</code></td>
+ <td>None</td>
+ <td>
+ Path pointing to the secret key to use for securing connections. Ensure
that the
+ contents of the file have been securely generated. This file is loaded on
both the driver
+ and the executors unless other settings override this (see below).
Review comment:
similar add only supported on kubernetes
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Add configurable auth secret source in k8s backend
> --------------------------------------------------
>
> Key: SPARK-26239
> URL: https://issues.apache.org/jira/browse/SPARK-26239
> Project: Spark
> Issue Type: New Feature
> Components: Kubernetes
> Affects Versions: 3.0.0
> Reporter: Marcelo Vanzin
> Priority: Major
>
> This is a follow up to SPARK-26194, which aims to add auto-generated secrets
> similar to the YARN backend.
> There's a desire to support different ways to generate and propagate these
> auth secrets (e.g. using things like Vault). Need to investigate:
> - exposing configuration to support that
> - changing SecurityManager so that it can delegate some of the
> secret-handling logic to custom implementations
> - figuring out whether this can also be used in client-mode, where the driver
> is not created by the k8s backend in Spark.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
