search

kubeflow / spark-operator

Kubernetes operator for managing the lifecycle of Apache Spark applications on Kubernetes.
Apache License 2.0
2.79k stars 1.37k forks source link

How can we pass the PSS/PSA required parameter as "seccompProfile" to sparkApplication driver and executor through template. #1690

Closed MohanPatidar5 closed 2 months ago

MohanPatidar5 commented 1 year ago

Hi, using GKE(v1.25.6-gke) and EKS(v1.25.6-eks) cluster with PSS/PSA restricted. I tried to pass the PSS/PSA required parameters through the template to sparkApplication driver and executors but got the issue. below is the configuration which is I'm trying to use.

driver:
    template:
      spec:
        containers:
        - name: spark-driver-temp
          securityContext:
            readOnlyRootFilesystem: false
            capabilities:
              drop: [ ALL ]
            allowPrivilegeEscalation: false
            runAsNonRoot: true
        seccompProfile:
              type: RuntimeDefault

getting the below issue while submitting sparkApplications to operator.

bash-4.4# kubectl apply -f pi.yaml
error: error validating "pi.yaml": error validating data: ValidationError(SparkApplication.spec.driver.template.spec.containers[0].securityContext): unknown field "seccompProfile" in io.k8s.sparkoperator.v1beta2.SparkApplication.spec.driver.template.spec.containers.securityContext; if you choose to ignore these errors, turn validation off with --validate=false

even tried without passing the seccompProfile parameter to securityContext so got the below error in the operator logs. pods \"spark-pi-driver\" is forbidden: violates PodSecurity \"restricted:latest\": seccompProfile (pod or container \"cspk-radish\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\").\n\tat io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:682)

and I don't see any object defined for the seccompProfile in the CRD to handled parameter. so wanted to know how can we pass the PSS/PSA parameters as seccompProfile through the template to sparkApplication driver and executors.

Thank you, Mohan

github-actions[bot] commented 3 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] commented 2 months ago

This issue has been automatically closed because it has not had recent activity. Please comment "/reopen" to reopen it.