Maniphest T327257

DSE Experiment - User Story 1 (Address Kerberos)
Open, Needs TriagePublic
Actions

Assigned To

None

Authored By

	• EChetty
	Jan 18 2023, 11:46 AM

Tags

Referenced Files

None

Subscribers

Description

User Story

As a data scientist, data engineer, or machine learning analyst, I want to be able to access an HDFS cluster that uses Kerberos from a Kubernetes cluster so that I can easily access and analyse large datasets stored in HDFS without having to manually configure authentication and authorisation.

Tasks

Sprint 9 https://phabricator.wikimedia.org/T327257

Acceptance Criteria

The person should be able to access and load data stored in HDFS from a K8 Pod.
The user should be able to do this securely and with minimal configuration.

Outstanding Questions:

Can a user use their existing credentials or will it be a shared key?
Is there a sufficiently robust audit trail?

Related Objects
Search...

		Status	Subtype	Assigned	Task
		In Progress		None	T327267 Data Science and Engineering Kubernetes Cluster Experiment
		Open		None	T327257 DSE Experiment - User Story 1 (Address Kerberos)
		Open		nfraison	T330162 Research and test methods for accessing kerberized services from spark running on the DSE K8S cluster

Event Timeline

• EChetty created this task.Jan 18 2023, 11:46 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 18 2023, 11:46 AM

• EChetty mentioned this in T327267: Data Science and Engineering Kubernetes Cluster Experiment.Jan 18 2023, 12:10 PM

• EChetty added a parent task: T327267: Data Science and Engineering Kubernetes Cluster Experiment.

• EChetty moved this task from Backlog to To be discussed on the Shared-Data-Infrastructure board.Jan 18 2023, 12:18 PM

• EChetty moved this task from To be discussed to EQ2 Kanban (Sprints 04-07) on the Shared-Data-Infrastructure board.Jan 23 2023, 1:31 PM

• EChetty edited projects, added Shared-Data-Infrastructure (EQ2 Kanban (Sprints 04-07)); removed Shared-Data-Infrastructure.

• EChetty moved this task from EQ2 Kanban (Sprints 04-07) to Shared-Data-Infra Sprint 10 on the Shared-Data-Infrastructure board.Feb 6 2023, 12:59 PM

• EChetty edited projects, added Shared-Data-Infrastructure (Shared-Data-Infra Sprint 10); removed Shared-Data-Infrastructure (EQ2 Kanban (Sprints 04-07)).

nfraison claimed this task.Feb 21 2023, 1:01 PM

nfraison moved this task from Next Up to In Progress on the Shared-Data-Infrastructure (Shared-Data-Infra Sprint 10) board.

Side note for my comprehension of our current setup:

We will rely on https://github.com/GoogleCloudPlatform/spark-on-k8s-operator
Still need https://phabricator.wikimedia.org/T322635 and https://phabricator.wikimedia.org/T318926 to be done -> https://gerrit.wikimedia.org/r/c/operations/deployment-charts/+/855674/ (create spark operator charts)
Docker image in https://gerrit.wikimedia.org/r/operations/docker-images/production-images
Helm charts in https://gerrit.wikimedia.org/r/operations/deployment-charts
Run of operator, drivers and executors is currently limited to spark namespace (probably to discuss)

JArguello-WMF added a project: Epic.Feb 21 2023, 1:40 PM

nfraison removed nfraison as the assignee of this task.Feb 21 2023, 2:33 PM

nfraison moved this task from In Progress to Next Up on the Shared-Data-Infrastructure (Shared-Data-Infra Sprint 10) board.

nfraison added a subtask: T330162: Research and test methods for accessing kerberized services from spark running on the DSE K8S cluster.

nfraison added a subscriber: nfraison.

JArguello-WMF updated the task description. (Show Details)Feb 21 2023, 2:41 PM

JArguello-WMF edited projects, added Shared-Data-Infrastructure; removed Shared-Data-Infrastructure (Shared-Data-Infra Sprint 10).Tue, Mar 14, 3:49 PM

JArguello-WMF moved this task from Backlog to Epics on the Shared-Data-Infrastructure board.