Open estiller opened 2 years ago
Proposed solution # 2 can be implemented via setting spark-operator.podAnnotations.checksum/build to constantly changing version in your deployment script, e.g.:
helm upgrade my-umbrella-chart . --set spark-operator.podAnnotations.checksum/build=${my-build-version}
This will trigger spark operator to restart.
Is it not a problem of out of order operation ? I mean I think the problem is that the seviceaccount is always recreated on helm upgrade. Except sparkoperator pods do not wait for the serviceaccount to be recreated before restarting on upgrade. Then most of the time the pods starts with the previous serviceaccount before it is trashed and recreated...
Maybe not recreating the SA would be a better solution ? I see that the chart already has options :
Hi everyone, We install the Spark Operator Helm template (v1.1.24) as part of our system's umbrella chart. Our problem is that we run
helm upgrade
on the umbrella chart, the upgrade causes the Spark Operator template to recreate the operator's Service Account, Cluster Role and Cluster Role Binding. This is because of thehook-delete-policy
introduced in https://github.com/GoogleCloudPlatform/spark-on-k8s-operator/pull/1384.This causes the Spark Operator itself to stop functioning since the pod itself is not recreated/restarted. Since the service account was recreated, its token is different after the upgrade, and the spark operator pod can no longer access the Kubernetes API. You can see it in the logs after it happens:
This is very similar to an issue I found in another project.
The issue is only resolved by manually restarting the pod, or waiting for 60 minutes until the access token is refreshed and the Spark Operator resumes operation.
Our current workaround is to restart the pod after each deployment. This is not ideal as it requires us to run an extra "manual" command after the Helm deployment completes.
Possible solutions include:
Assuming that option 2 is the better choice due to Helm hook limitations, I can open a PR implementing this solution. What do you think?