kubeflow / manifests

A repository for Kustomize manifests
Apache License 2.0
828 stars 888 forks source link

Promote spark from contribution to application #2912

Open juliusvonkohout opened 1 week ago

juliusvonkohout commented 1 week ago

Validation Checklist

Version

master

Describe your issue

@rimolive do you remember who wanted to help with the spark operator? I think the main problem is that

  1. it does not work with istio "sidecar.istio.io/inject": "true" https://github.com/kubeflow/manifests/blob/73cbecfe604e84dfc7c0851630a6eb5733022dea/contrib/spark/sparkapplication_example.yaml#L24C7-L24C41

  2. We are missing a securitycontext in https://github.com/kubeflow/manifests/blob/73cbecfe604e84dfc7c0851630a6eb5733022dea/contrib/spark/sparkapplication_example.yaml and it should be upstreamed to the spark repository

    securityContext:
      capabilities:
        drop:
          - ALL
      runAsUser: 185
      runAsGroup: 0
      runAsNonRoot: true
      allowPrivilegeEscalation: false
      seccompProfile:
        type: RuntimeDefault
  3. We need to add runAsGroup:0 or 185 in the securitycontext of https://github.com/kubeflow/manifests/blob/master/contrib/spark/spark-operator/base/kustomization.yaml and we need to upstream it

  4. We need a synchronization script in /hack derived from the current makefile

juliusvonkohout commented 1 week ago

CC @GezimSejdiu