search

apache-spark-on-k8s / spark

Apache Spark enhanced with native Kubernetes scheduler back-end: NOTE this repository is being ARCHIVED as all new development for the kubernetes scheduler back-end is now on https://github.com/apache/spark/
https://spark.apache.org/
Apache License 2.0
612 stars 118 forks source link

how to give access token in spark-submit to connect to k8s cluster #455

Closed luciferksh closed 7 years ago

luciferksh commented 7 years ago

I have tried to submit spark job using spark-submit in our k8s cluster. The authentication was failed. I have tried with kubectl proxy also. It was not working. Is anyone try to add access token in spark-submit for k8s.

bin/spark-submit  --deploy-mode cluster   --class org.apache.spark.examples.SparkPi   --master k8s://http://127.0.0.1:8003  --kubernetes-namespace sidartha-spark-cluster   --conf spark.executor.instances=2   --conf spark.app.name=spark-pi   --conf spark.kubernetes.driver.docker.image=kubespark/spark-driver:v2.1.0-kubernetes-0.1.0-rc1   --conf spark.kubernetes.executor.docker.image=kubespark/spark-executor:v2.1.0-kubernetes-0.1.0-rc1   examples/jars/spark-examples_2.11-2.1.0-k8s-0.1.0-SNAPSHOT.jar 1000

getting this error 

Exception in thread "main" io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: POST at: http://127.0.0.1:8003/api/v1/namespaces/sidartha-spark-cluster/pods. Message: Forbidden! User sidartha-spark-cluster doesn't have permission..
luciferksh commented 7 years ago

curl http://127.0.0.1:8003/api/v1/namespaces/sidartha-spark-cluster/pods is working fine.

luciferksh commented 7 years ago

Hi @ash211 , Could you please help.

ash211 commented 7 years ago

Is that the exact command you're running? The & KUBERNETES_TRUST_CERTIFICATES=true. looks misplaced.

Where are you expecting the sidartha-spark-cluster user to come from?

luciferksh commented 7 years ago

@ash211 "& KUBERNETES_TRUST_CERTIFICATES=true." was a typo. Actually i tried without this parameter. The "sidartha-spark-cluster" is the namespace which i have created in our k8s cluster.

mccheah commented 7 years ago

It looks like you haven't specified any authentication parameters to the spark-submit command. Have you looked at any of the properties starting with spark.kubernetes.authenticate and see if any apply to you? https://github.com/apache-spark-on-k8s/spark/blob/branch-2.2-kubernetes/docs/running-on-kubernetes.md#spark-properties

luciferksh commented 7 years ago

@mccheah Thanks for your reply. The issue was with our k8s cluster configuration.