search

apache-spark-on-k8s / spark

Apache Spark enhanced with native Kubernetes scheduler back-end: NOTE this repository is being ARCHIVED as all new development for the kubernetes scheduler back-end is now on https://github.com/apache/spark/
https://spark.apache.org/
Apache License 2.0
612 stars 118 forks source link

Kerberos support generates invalid Secret Name #620

Closed rvesse closed 6 years ago

rvesse commented 6 years ago

Trying to run a job with Kerberos support, once I get all the configuration and environment correct so that it does the Kerberos login I get an error reported by K8S because the generate secret name is considered invalid:

Exception in thread "main" io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: POST at: https://192.168.0.7:6443/api/v1/namespaces/rvesse/secrets. Message: Secret "spark-test-1519987477468-spark.kubernetes.kerberos.delegationTokenSecretName.1519987479632" is invalid: metadata.name: Invalid value: "spark-test-1519987477468-spark.kubernetes.kerberos.delegationTokenSecretName.1519987479632": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is 'a-z0-9?(.a-z0-9?)'). Received status: Status(apiVersion=v1, code=422, details=StatusDetails(causes=[StatusCause(field=metadata.name, message=Invalid value: "spark-test-1519987477468-spark.kubernetes.kerberos.delegationTokenSecretName.1519987479632": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9][a-z0-9])?(.a-z0-9?)'), reason=FieldValueInvalid, additionalProperties={})], group=null, kind=Secret, name=spark-test-1519987477468-spark.kubernetes.kerberos.delegationTokenSecretName.1519987479632, retryAfterSeconds=null, uid=null, additionalProperties={}), kind=Status, message=Secret "spark-test-1519987477468-spark.kubernetes.kerberos.delegationTokenSecretName.1519987479632" is invalid: metadata.name: Invalid value: "spark-test-1519987477468-spark.kubernetes.kerberos.delegationTokenSecretName.1519987479632": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9][a-z0-9])?(.a-z0-9?)*'), metadata=ListMeta(resourceVersion=null, selfLink=null, additionalProperties={}), reason=Invalid, status=Failure, additionalProperties={}). at io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:470) at io.fabric8.kubernetes.client.dsl.base.OperationSupport.assertResponseCode(OperationSupport.java:409) at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:379) at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:343) at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleCreate(OperationSupport.java:226) at io.fabric8.kubernetes.client.dsl.base.BaseOperation.handleCreate(BaseOperation.java:769) at io.fabric8.kubernetes.client.dsl.base.BaseOperation.create(BaseOperation.java:360) at io.fabric8.kubernetes.client.handlers.SecretHandler.create(SecretHandler.java:42) at io.fabric8.kubernetes.client.handlers.SecretHandler.create(SecretHandler.java:32) at io.fabric8.kubernetes.client.dsl.internal.NamespaceVisitFromServerGetWatchDeleteRecreateWaitApplicableListImpl.createOrReplace(NamespaceVisitFromServerGetWatchDeleteRecreateWaitApplicableListImpl.java:208) at io.fabric8.kubernetes.client.dsl.internal.NamespaceVisitFromServerGetWatchDeleteRecreateWaitApplicableListImpl.createOrReplace(NamespaceVisitFromServerGetWatchDeleteRecreateWaitApplicableListImpl.java:66) at org.apache.spark.deploy.k8s.submit.Client$$anonfun$run$3.apply(Client.scala:147) at org.apache.spark.deploy.k8s.submit.Client$$anonfun$run$3.apply(Client.scala:131) at org.apache.spark.util.Utils$.tryWithResource(Utils.scala:2550) at org.apache.spark.deploy.k8s.submit.Client.run(Client.scala:131) at org.apache.spark.deploy.k8s.submit.Client$$anonfun$run$5.apply(Client.scala:200) at org.apache.spark.deploy.k8s.submit.Client$$anonfun$run$5.apply(Client.scala:193) at org.apache.spark.util.Utils$.tryWithResource(Utils.scala:2550) at org.apache.spark.deploy.k8s.submit.Client$.run(Client.scala:193) at org.apache.spark.deploy.k8s.submit.Client$.main(Client.scala:213) at org.apache.spark.deploy.k8s.submit.Client.main(Client.scala) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.spark.deploy.SparkSubmit$.org$apache$spark$deploy$SparkSubmit$$runMain(SparkSubmit.scala:786) at org.apache.spark.deploy.SparkSubmit$.doRunMain$1(SparkSubmit.scala:181) at org.apache.spark.deploy.SparkSubmit$.submit(SparkSubmit.scala:206) at org.apache.spark.deploy.SparkSubmit$.main(SparkSubmit.scala:120) at org.apache.spark.deploy.SparkSubmit.main(SparkSubmit.scala)

I think this is because the last segment is generated with a purely numeric value which fails the validation regex on the API server - [a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)* - that requires every segment to start with a alphabetic character

My Kubernetes version is as follows:

kubectl version Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.2", GitCommit:"5fa2db2bd46ac79e5e00a4e6ed24191080aa463b", GitTreeState:"clean", BuildDate:"2018-01-18T10:09:24Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"} Server Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.1", GitCommit:"3a1c9449a956b6026f075fa3134ff92f7d55f812", GitTreeState:"clean", BuildDate:"2018-01-04T11:40:06Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"}

rvesse commented 6 years ago

On further analysis the problem is not the numeric segment but the use of the upper case letters

rvesse commented 6 years ago

I will hopefully have a PR out for review once I have validated my fix

liyinan926 commented 6 years ago

@rvesse I think this is already fixed in https://github.com/apache-spark-on-k8s/spark/pull/612.

rvesse commented 6 years ago

Duplicate of #612