robert-clegg-tessella
commented
5 years ago Tessella Ref: NPD/10152/CL/CSC/2019Sep09/13:46:55
Hi Stan,
I'm afraid I haven't had a chance to dig into this deeply, as there is no support contract and my time is mostly taken up with other projects.
However, your suggestion of changing the namespace to "piezo" seems very sensible and well worth trying out. I cannot think of any particular reason why the namespace would need to be "default": if I remember correctly, we simply left it as this because it worked at the time and there were plenty of other features to work on.
I wish you all the best in resolving this!
Kind regards, Rob
Dr Robert CLEGG Senior Analyst Programmer, Project Manager
Email: robert.clegg@tessella.com Telephone: (+44) (0)1235 429055
26 The Quadrant, Abingdon Science Park, Abingdon, Oxfordshire, OX14 3YS UK
www.tessella.com This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
Tessella is a limited company registered in England and Wales. Registered number: 01466429. Registered office: 26 The Quadrant Abingdon Science Park, Abingdon, Oxfordshire, OX14 3YS
From: "Stan Pamela" notifications@github.com To: "ukaea/piezo" piezo@noreply.github.com Cc: "Robert Clegg" robert.clegg@tessella.com, "Mention" mention@noreply.github.com Date: 04/09/2019 08:31 Subject: [ukaea/piezo] RBAC namespace for Piezo Pod (#144) [EXT]
Hi @robert-clegg-tessella cc @alahiff I started working on Piezo a few months ago at CCFE. We met briefly at RAL in spring. While trying to launch Piezo on a K8s cluster, I encountered something I'd like to clarify. Hopefully you can help! When setting up Piezo, there is an RBAC rule created for the namespace "spark", which is done by applying the file piezo/Kubernetes/spark-rbac.yaml. However, the Piezo pod is launched with the namespace "default". At least this is what was in the sample file piezo/web_app_deployment/roles/kubectl/templates/deploy_web_app.yml.j2. Strangely, when running on a fake cluster, like Microk8s (I have not tried Minikube though) this causes no problem and "default" namespace pods seem to be able to access all pods by default, but when running on a real K8s cluster, the REST API inside Piezo is unable to access other pods, which is required obviously to get the list of jobs etc. So, launching the Piezo pod with the namespace "spark" solves this issue, but what I want to clarify is whether this namespace was meant specifically for Spark within Piezo, or for Piezo as a whole. I'm not sure there is a point in having two separate namespaces for Spark-inside-piezo and for Piezo (or is there)? If not, maybe we should rename the namespace as something like "piezo" since this is needed by the whole application and not just Spark? I hope this makes sense. If you can comment on this, I'm more than happy to do the modifications, commit them and send the pull-request. Kind Regards Stan @spamela ? You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.
spamela
Hi @robert-clegg-tessella cc @alahiff
I started working on Piezo a few months ago at CCFE. We met briefly at RAL in spring. While trying to launch Piezo on a K8s cluster, I encountered something I'd like to clarify. Hopefully you can help!
When setting up Piezo, there is an RBAC rule created for the namespace "spark", which is done by applying the file piezo/Kubernetes/spark-rbac.yaml. However, the Piezo pod is launched with the namespace "default". At least this is what was in the sample file piezo/web_app_deployment/roles/kubectl/templates/deploy_web_app.yml.j2.
Strangely, when running on a fake cluster, like Microk8s (I have not tried Minikube though) this causes no problem and "default" namespace pods seem to be able to access all pods by default, but when running on a real K8s cluster, the REST API inside Piezo is unable to access other pods, which is required obviously to get the list of jobs etc.
So, launching the Piezo pod with the namespace "spark" solves this issue, but what I want to clarify is whether this namespace was meant specifically for Spark within Piezo, or for Piezo as a whole. I'm not sure there is a point in having two separate namespaces for Spark-inside-piezo and for Piezo (or is there)? If not, maybe we should rename the namespace as something like "piezo" since this is needed by the whole application and not just Spark?
I hope this makes sense. If you can comment on this, I'm more than happy to do the modifications, commit them and send the pull-request.
Kind Regards Stan @spamela