Github user vanzin commented on a diff in the pull request:

    https://github.com/apache/spark/pull/22911#discussion_r233643587
  
    --- Diff: resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/k8s/features/BasicExecutorFeatureStep.scala ---
    @@ -144,6 +144,10 @@ private[spark] class BasicExecutorFeatureStep(
             .addToLimits("memory", executorMemoryQuantity)
             .addToRequests("cpu", executorCpuQuantity)
             .endResources()
    +        .addNewEnv()
    +          .withName(ENV_SPARK_USER)
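Review bot: the new `.addNewEnv().withName(ENV_SPARK_USER)` entry after `.endResources()` carries no comment explaining why the executor container needs this variable. A one-line comment saying that it fixes the identity used for Hadoop services, so that it does not fall back to the container's OS user, would keep it from being dropped later as redundant. The excerpt stops at `.withName(...)`, so the value and the closing `.endEnv()` are not visible here; confirm that the value is the submitting user's name and not something resolved inside the executor container, where it would again be the OS user.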
    --- End diff --
    
    If you don't do this, whatever is the OS user in the container will become the identity used to talk to Hadoop services (when Kerberos is not on).
    
    In YARN, for example, that would be the "yarn" user.
    
    In k8s, with the current image, that would be "root".
    
    You probably don't want that by default. We're talking about non-secured Hadoop here, so users can easily override this stuff, but by default let's at least try to identify the user correctly.

