addresses comments from PR

ifilonenko · ifilonenko · commit 6efa37906ccc · 2017-08-31T12:51:50.000-04:00
diff --git a/docs/running-on-kubernetes.md b/docs/running-on-kubernetes.md
@@ -786,7 +786,7 @@ from the other deployment modes. See the [configuration page](configuration.html
   <td><code>spark.kubernetes.kerberos.enabled</code></td> 
   <td>false</td>
   <td>
-    Specify whether your job is a job that will require a Kerberos Authorization to access HDFS. By default, we
+    Specify whether your job requires a Kerberos Authentication to access HDFS. By default, we
     will assume that you will not require secure HDFS access. 
   </td>
 </tr>
@@ -820,12 +820,12 @@ from the other deployment modes. See the [configuration page](configuration.html
   </td>
 </tr>
 <tr>
-  <td><code>spark.kubernetes.kerberos.tokensecret.label</code></td> 
+  <td><code>spark.kubernetes.kerberos.tokensecret.itemkey</code></td> 
   <td>spark.kubernetes.kerberos.dt.label</td>
   <td>
     Assuming you have set <code>spark.kubernetes.kerberos.enabled</code> to be true. This will let you specify 
     the label within the pre-specified secret where the data of your existing delegation token data is stored. 
-    We have a default value of <code>spark.kubernetes.kerberos.dt.label</code> should you not include it. But
+    We have a default value of <code>spark.kubernetes.kerberos.tokensecret.itemkey</code> should you not include it. But
     you should always include this if you are proposing a pre-existing secret contain the delegation token data.
   <td><code>spark.executorEnv.[EnvironmentVariableName]</code></td> 
   <td>(none)</td>
diff --git a/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/kubernetes/KerberosTokenConfBootstrap.scala b/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/kubernetes/KerberosTokenConfBootstrap.scala
@@ -36,7 +36,7 @@ private[spark] trait KerberosTokenBootstrapConf {
 
 private[spark] class KerberosTokenConfBootstrapImpl(
   secretName: String,
-  secretLabel: String,
+  secretItemKey: String,
   userName: String) extends KerberosTokenBootstrapConf with Logging{
 
 
@@ -62,7 +62,7 @@ private[spark] class KerberosTokenConfBootstrapImpl(
         .endVolumeMount()
       .addNewEnv()
         .withName(ENV_HADOOP_TOKEN_FILE_LOCATION)
-        .withValue(s"$SPARK_APP_HADOOP_CREDENTIALS_BASE_DIR/$secretLabel")
+        .withValue(s"$SPARK_APP_HADOOP_CREDENTIALS_BASE_DIR/$secretItemKey")
         .endEnv()
       .addNewEnv()
         .withName(ENV_SPARK_USER)
diff --git a/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/kubernetes/config.scala b/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/kubernetes/config.scala
@@ -570,9 +570,9 @@ package object config extends Logging {
       .stringConf
       .createOptional
 
-  private[spark] val KUBERNETES_KERBEROS_DT_SECRET_LABEL =
-    ConfigBuilder("spark.kubernetes.kerberos.tokensecret.label")
-      .doc("Specify the label of the data where " +
+  private[spark] val KUBERNETES_KERBEROS_DT_SECRET_ITEM_KEY =
+    ConfigBuilder("spark.kubernetes.kerberos.tokensecret.itemkey")
+      .doc("Specify the item key of the data where " +
         " your existing delegation token is stored. This removes the need" +
         " for the job user to provide any keytab for launching a job")
       .stringConf
diff --git a/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/kubernetes/constants.scala b/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/kubernetes/constants.scala
@@ -113,8 +113,8 @@ package object constants {
     "spark.kubernetes.kerberos.dt"
   private[spark] val HADOOP_KERBEROS_CONF_SECRET =
     "spark.kubernetes.kerberos.secretname"
-  private[spark] val HADOOP_KERBEROS_CONF_LABEL =
-    "spark.kubernetes.kerberos.labelname"
+  private[spark] val HADOOP_KERBEROS_CONF_ITEM_KEY =
+    "spark.kubernetes.kerberos.itemkeyname"
   private[spark] val KERBEROS_SECRET_LABEL_PREFIX =
     "hadoop-tokens"
   private[spark] val SPARK_HADOOP_PREFIX = "spark.hadoop."
diff --git a/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/kubernetes/submit/submitsteps/HadoopConfigBootstrapStep.scala b/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/kubernetes/submit/submitsteps/HadoopConfigBootstrapStep.scala
@@ -42,7 +42,7 @@ private[spark] class HadoopConfigBootstrapStep(
       additionalDriverSparkConf = Map.empty[String, String],
       dtSecret = None,
       dtSecretName = HADOOP_KERBEROS_SECRET_NAME,
-      dtSecretLabel = "")
+      dtSecretItemKey = "")
     for (nextStep <- hadoopConfigurationSteps) {
       currentHadoopSpec = nextStep.configureContainers(currentHadoopSpec)
     }
diff --git a/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/kubernetes/submit/submitsteps/hadoopsteps/HadoopConfigSpec.scala b/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/kubernetes/submit/submitsteps/hadoopsteps/HadoopConfigSpec.scala
@@ -30,7 +30,7 @@ import io.fabric8.kubernetes.api.model.{Container, Pod, Secret}
   *   pairs of (path, data)
   * - The secret containing a DT, either previously specified or built on the fly
   * - The name of the secret where the DT will be stored
-  * - The label on the secret which correlates with where the current DT data is stored
+  * - The data item-key on the secret which correlates with where the current DT data is stored
   */
 private[spark] case class HadoopConfigSpec(
   additionalDriverSparkConf: Map[String, String],
@@ -39,4 +39,4 @@ private[spark] case class HadoopConfigSpec(
   configMapProperties: Map[String, String],
   dtSecret: Option[Secret],
   dtSecretName: String,
-  dtSecretLabel: String)
+  dtSecretItemKey: String)
diff --git a/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/kubernetes/submit/submitsteps/hadoopsteps/HadoopKerberosKeytabResolverStep.scala b/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/kubernetes/submit/submitsteps/hadoopsteps/HadoopKerberosKeytabResolverStep.scala
@@ -102,17 +102,18 @@ private[spark] class HadoopKerberosKeytabResolverStep(
     val data = serialize(credentials)
     val renewalTime = getTokenRenewalInterval(tokens, hadoopConf).getOrElse(Long.MaxValue)
     val currentTime: Long = System.currentTimeMillis()
-    val initialTokenLabelName = s"$KERBEROS_SECRET_LABEL_PREFIX-$currentTime-$renewalTime"
+    val initialTokenDataKeyName = s"$KERBEROS_SECRET_LABEL_PREFIX-$currentTime-$renewalTime"
     val secretDT =
       new SecretBuilder()
         .withNewMetadata()
           .withName(HADOOP_KERBEROS_SECRET_NAME)
+          .withLabels(Map("refresh-hadoop-tokens" -> "yes").asJava)
           .endMetadata()
-          .addToData(initialTokenLabelName, Base64.encodeBase64String(data))
+          .addToData(initialTokenDataKeyName, Base64.encodeBase64String(data))
       .build()
     val bootstrapKerberos = new KerberosTokenConfBootstrapImpl(
       HADOOP_KERBEROS_SECRET_NAME,
-      initialTokenLabelName,
+      initialTokenDataKeyName,
       jobUserUGI.getShortUserName)
     val withKerberosEnvPod = bootstrapKerberos.bootstrapMainContainerAndVolumes(
       PodWithMainContainer(
@@ -121,13 +122,13 @@ private[spark] class HadoopKerberosKeytabResolverStep(
     hadoopConfigSpec.copy(
       additionalDriverSparkConf =
         hadoopConfigSpec.additionalDriverSparkConf ++ Map(
-          HADOOP_KERBEROS_CONF_LABEL -> initialTokenLabelName,
+          HADOOP_KERBEROS_CONF_ITEM_KEY -> initialTokenDataKeyName,
           HADOOP_KERBEROS_CONF_SECRET -> HADOOP_KERBEROS_SECRET_NAME),
       driverPod = withKerberosEnvPod.pod,
       driverContainer = withKerberosEnvPod.mainContainer,
       dtSecret = Some(secretDT),
       dtSecretName = HADOOP_KERBEROS_SECRET_NAME,
-      dtSecretLabel = initialTokenLabelName)
+      dtSecretItemKey = initialTokenDataKeyName)
   }
 
   // Functions that should be in Core with Rebase to 2.3
diff --git a/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/kubernetes/submit/submitsteps/hadoopsteps/HadoopKerberosSecretResolverStep.scala b/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/kubernetes/submit/submitsteps/hadoopsteps/HadoopKerberosSecretResolverStep.scala
@@ -25,18 +25,18 @@ import org.apache.spark.deploy.kubernetes.constants._
  /**
   * This step assumes that you have already done all the heavy lifting in retrieving a
   * delegation token and storing the following data in a secret before running this job.
-  * This step requires that you just specify the secret name and label corresponding to the
-  * data where the delegation token is stored.
+  * This step requires that you just specify the secret name and data item-key corresponding
+  * to the data where the delegation token is stored.
   */
 private[spark] class HadoopKerberosSecretResolverStep(
   submissionSparkConf: SparkConf,
   tokenSecretName: String,
-  tokenLabelName: String) extends HadoopConfigurationStep {
+  tokenItemKeyName: String) extends HadoopConfigurationStep {
 
   override def configureContainers(hadoopConfigSpec: HadoopConfigSpec): HadoopConfigSpec = {
     val bootstrapKerberos = new KerberosTokenConfBootstrapImpl(
       tokenSecretName,
-      tokenLabelName,
+      tokenItemKeyName,
       UserGroupInformation.getCurrentUser.getShortUserName)
     val withKerberosEnvPod = bootstrapKerberos.bootstrapMainContainerAndVolumes(
       PodWithMainContainer(
@@ -47,10 +47,10 @@ private[spark] class HadoopKerberosSecretResolverStep(
       driverContainer = withKerberosEnvPod.mainContainer,
       additionalDriverSparkConf =
         hadoopConfigSpec.additionalDriverSparkConf ++ Map(
-          HADOOP_KERBEROS_CONF_LABEL -> tokenLabelName,
+          HADOOP_KERBEROS_CONF_ITEM_KEY -> tokenItemKeyName,
           HADOOP_KERBEROS_CONF_SECRET -> tokenSecretName),
       dtSecret = None,
       dtSecretName = tokenSecretName,
-      dtSecretLabel = tokenLabelName)
+      dtSecretItemKey = tokenItemKeyName)
   }
 }
diff --git a/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/kubernetes/submit/submitsteps/hadoopsteps/HadoopStepsOrchestrator.scala b/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/kubernetes/submit/submitsteps/hadoopsteps/HadoopStepsOrchestrator.scala
@@ -36,8 +36,8 @@ private[spark] class HadoopStepsOrchestrator(
    private val maybeKeytab = submissionSparkConf.get(KUBERNETES_KERBEROS_KEYTAB)
      .map(k => new File(k))
    private val maybeExistingSecret = submissionSparkConf.get(KUBERNETES_KERBEROS_DT_SECRET_NAME)
-   private val maybeExistingSecretLabel =
-     submissionSparkConf.get(KUBERNETES_KERBEROS_DT_SECRET_LABEL)
+   private val maybeExistingSecretItemKey =
+     submissionSparkConf.get(KUBERNETES_KERBEROS_DT_SECRET_ITEM_KEY)
    private val hadoopConfigurationFiles = getHadoopConfFiles(hadoopConfDir)
    logInfo(s"Hadoop Conf directory: $hadoopConfDir")
 
@@ -55,10 +55,10 @@ private[spark] class HadoopStepsOrchestrator(
 
    OptionRequirements.requireBothOrNeitherDefined(
      maybeExistingSecret,
-     maybeExistingSecretLabel,
+     maybeExistingSecretItemKey,
      "If a secret storing a Kerberos Delegation Token is specified you must also" +
      " specify the label where the data is stored",
-     "If a secret label where the data of the Kerberos Delegation Token is specified" +
+     "If a secret data item-key where the data of the Kerberos Delegation Token is specified" +
        " you must also specify the name of the secret")
 
   def getHadoopSteps(): Seq[HadoopConfigurationStep] = {
@@ -72,10 +72,10 @@ private[spark] class HadoopStepsOrchestrator(
       hadoopConfDir)
     val maybeKerberosStep =
       if (isKerberosEnabled) {
-        maybeExistingSecret.map(secretLabel => Some(new HadoopKerberosSecretResolverStep(
+        maybeExistingSecret.map(secretItemKey => Some(new HadoopKerberosSecretResolverStep(
          submissionSparkConf,
-          secretLabel,
-          maybeExistingSecretLabel.get))).getOrElse(Some(
+          secretItemKey,
+          maybeExistingSecretItemKey.get))).getOrElse(Some(
             new HadoopKerberosKeytabResolverStep(
               submissionSparkConf,
               maybePrincipal,
diff --git a/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/scheduler/cluster/kubernetes/KubernetesClusterManager.scala b/resource-managers/kubernetes/core/src/main/scala/org/apache/spark/scheduler/cluster/kubernetes/KubernetesClusterManager.scala
@@ -44,7 +44,7 @@ private[spark] class KubernetesClusterManager extends ExternalClusterManager wit
     val maybeHadoopConfigMap = sparkConf.getOption(HADOOP_CONFIG_MAP_SPARK_CONF_NAME)
     val maybeHadoopConfDir = sparkConf.getOption(HADOOP_CONF_DIR_LOC)
     val maybeDTSecretName = sparkConf.getOption(HADOOP_KERBEROS_CONF_SECRET)
-    val maybeDTLabelName = sparkConf.getOption(HADOOP_KERBEROS_CONF_LABEL)
+    val maybeDTLabelName = sparkConf.getOption(HADOOP_KERBEROS_CONF_ITEM_KEY)
     val maybeInitContainerConfigMap = sparkConf.get(EXECUTOR_INIT_CONTAINER_CONFIG_MAP)
     val maybeInitContainerConfigMapKey = sparkConf.get(EXECUTOR_INIT_CONTAINER_CONFIG_MAP_KEY)
     val maybeSubmittedFilesSecret = sparkConf.get(EXECUTOR_SUBMITTED_SMALL_FILES_SECRET)
@@ -91,11 +91,11 @@ private[spark] class KubernetesClusterManager extends ExternalClusterManager wit
     }
     val kerberosBootstrap = for {
       secretName <- maybeDTSecretName
-      secretLabel <- maybeDTLabelName
+      secretItemKey <- maybeDTLabelName
     } yield {
       new KerberosTokenConfBootstrapImpl(
         secretName,
-        secretLabel,
+        secretItemKey,
         Utils.getCurrentUserName)
     }
     val mountSmallFilesBootstrap = for {
diff --git a/resource-managers/kubernetes/core/src/test/scala/org/apache/spark/deploy/kubernetes/submit/submitsteps/HadoopConfigBootstrapStepSuite.scala b/resource-managers/kubernetes/core/src/test/scala/org/apache/spark/deploy/kubernetes/submit/submitsteps/HadoopConfigBootstrapStepSuite.scala
@@ -59,7 +59,7 @@ private[spark] class HadoopConfigBootstrapStepSuite extends SparkFunSuite with B
         dtSecret =
           Some(EXPECTED_SECRET),
         dtSecretName = HADOOP_KERBEROS_SECRET_NAME,
-        dtSecretLabel = ""))
+        dtSecretItemKey = ""))
   }
 
   test("Test modification of driverSpec with Hadoop Steps") {
diff --git a/resource-managers/kubernetes/core/src/test/scala/org/apache/spark/deploy/kubernetes/submit/submitsteps/hadoopsteps/HadoopKerberosKeytabResolverStepSuite.scala b/resource-managers/kubernetes/core/src/test/scala/org/apache/spark/deploy/kubernetes/submit/submitsteps/hadoopsteps/HadoopKerberosKeytabResolverStepSuite.scala
@@ -56,14 +56,16 @@ private[spark] class HadoopKerberosKeytabResolverStepSuite extends SparkFunSuite
       "",
       "")
     val returnContainerSpec = keytabStep.configureContainers(hadoopConfSpec)
-    assert(returnContainerSpec.additionalDriverSparkConf(HADOOP_KERBEROS_CONF_LABEL)
+    assert(returnContainerSpec.additionalDriverSparkConf(HADOOP_KERBEROS_CONF_ITEM_KEY)
         .contains(KERBEROS_SECRET_LABEL_PREFIX))
     assert(returnContainerSpec.additionalDriverSparkConf(HADOOP_KERBEROS_CONF_SECRET) ===
       HADOOP_KERBEROS_SECRET_NAME)
     assert(returnContainerSpec.driverContainer.getName == DRIVER_CONTAINER_NAME)
     assert(returnContainerSpec.driverPod.getMetadata.getLabels.asScala === POD_LABEL)
-    assert(returnContainerSpec.dtSecretLabel.contains(KERBEROS_SECRET_LABEL_PREFIX))
+    assert(returnContainerSpec.dtSecretItemKey.contains(KERBEROS_SECRET_LABEL_PREFIX))
     assert(returnContainerSpec.dtSecretName === HADOOP_KERBEROS_SECRET_NAME)
+    assert(returnContainerSpec.dtSecret.get.getMetadata.getLabels.asScala ===
+      Map("refresh-hadoop-tokens" -> "yes"))
     assert(returnContainerSpec.dtSecret.nonEmpty)
     assert(returnContainerSpec.dtSecret.get.getMetadata.getName === HADOOP_KERBEROS_SECRET_NAME)
   }
diff --git a/resource-managers/kubernetes/core/src/test/scala/org/apache/spark/deploy/kubernetes/submit/submitsteps/hadoopsteps/HadoopKerberosSecretResolverStepSuite.scala b/resource-managers/kubernetes/core/src/test/scala/org/apache/spark/deploy/kubernetes/submit/submitsteps/hadoopsteps/HadoopKerberosSecretResolverStepSuite.scala
@@ -29,15 +29,15 @@ private[spark] class HadoopKerberosSecretResolverStepSuite extends SparkFunSuite
   private val POD_LABEL = Map("bootstrap" -> "true")
   private val DRIVER_CONTAINER_NAME = "driver-container"
   private val TOKEN_SECRET_NAME = "secretName"
-  private val TOKEN_SECRET_LABEL = "secretLabel"
+  private val TOKEN_SECRET_DATA_ITEM_KEY = "secretItemKey"
 
   test("Testing kerberos with Secret") {
     val keytabStep = new HadoopKerberosSecretResolverStep(
       new SparkConf(),
       TOKEN_SECRET_NAME,
-      TOKEN_SECRET_LABEL)
+      TOKEN_SECRET_DATA_ITEM_KEY)
     val expectedDriverSparkConf = Map(
-      HADOOP_KERBEROS_CONF_LABEL -> TOKEN_SECRET_LABEL,
+      HADOOP_KERBEROS_CONF_ITEM_KEY -> TOKEN_SECRET_DATA_ITEM_KEY,
       HADOOP_KERBEROS_CONF_SECRET -> TOKEN_SECRET_NAME)
     val hadoopConfSpec = HadoopConfigSpec(
       Map.empty[String, String],
@@ -57,7 +57,7 @@ private[spark] class HadoopKerberosSecretResolverStepSuite extends SparkFunSuite
     assert(returnContainerSpec.driverContainer.getName == DRIVER_CONTAINER_NAME)
     assert(returnContainerSpec.driverPod.getMetadata.getLabels.asScala === POD_LABEL)
     assert(returnContainerSpec.dtSecret === None)
-    assert(returnContainerSpec.dtSecretLabel === TOKEN_SECRET_LABEL)
+    assert(returnContainerSpec.dtSecretItemKey === TOKEN_SECRET_DATA_ITEM_KEY)
     assert(returnContainerSpec.dtSecretName === TOKEN_SECRET_NAME)
   }
 }
diff --git a/resource-managers/kubernetes/core/src/test/scala/org/apache/spark/deploy/kubernetes/submit/submitsteps/hadoopsteps/HadoopStepsOrchestratorSuite.scala b/resource-managers/kubernetes/core/src/test/scala/org/apache/spark/deploy/kubernetes/submit/submitsteps/hadoopsteps/HadoopStepsOrchestratorSuite.scala
@@ -35,7 +35,6 @@ private[spark] class HadoopStepsOrchestratorSuite extends SparkFunSuite {
     val steps = hadoopOrchestrator.getHadoopSteps()
     assert(steps.length === 1)
     assert(steps.head.isInstanceOf[HadoopConfMounterStep])
-    assert(true)
   }
 
   test("Testing with Keytab Kerberos Login") {
@@ -72,7 +71,7 @@ private[spark] class HadoopStepsOrchestratorSuite extends SparkFunSuite {
     val sparkTestConf = new SparkConf(true)
       .set(KUBERNETES_KERBEROS_SUPPORT, true)
       .set(KUBERNETES_KERBEROS_DT_SECRET_NAME, "dtSecret")
-      .set(KUBERNETES_KERBEROS_DT_SECRET_LABEL, "dtLabel")
+      .set(KUBERNETES_KERBEROS_DT_SECRET_ITEM_KEY, "dtItemKey")
     val hadoopOrchestrator = new HadoopStepsOrchestrator(
       NAMESPACE,
       HADOOP_CONFIG_MAP,

Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ private[spark] class HadoopConfigBootstrapStep(`
`42`	`42`	`additionalDriverSparkConf = Map.empty[String, String],`
`43`	`43`	`dtSecret = None,`
`44`	`44`	`dtSecretName = HADOOP_KERBEROS_SECRET_NAME,`
`45`		`- dtSecretLabel = "")`
	`45`	`+ dtSecretItemKey = "")`
`46`	`46`	`for (nextStep <- hadoopConfigurationSteps) {`
`47`	`47`	`currentHadoopSpec = nextStep.configureContainers(currentHadoopSpec)`
`48`	`48`	`}`