DSE Experiment - User Story 1 (Address Kerberos)
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	• EChetty
	Jan 18 2023, 11:46 AM

Description

User Story

As a data scientist, data engineer, or machine learning analyst, I want to be able to access an HDFS cluster that uses Kerberos from a Kubernetes cluster so that I can easily access and analyse large datasets stored in HDFS without having to manually configure authentication and authorisation.

Tasks

Sprint 9 https://phabricator.wikimedia.org/T327257

Acceptance Criteria

The person should be able to access and load data stored in HDFS from a K8 Pod.
The user should be able to do this securely and with minimal configuration.

Outstanding Questions:

Can a user use their existing credentials or will it be a shared key?
Is there a sufficiently robust audit trail?

Related Objects
Search...

Status	Assigned	Task
In Progress	None	T327267 Create a DSE Kubernetes cluster with support for persistent storage from Ceph
Duplicate	None	T327258 DSE Experiment - User Story 2 (Make Compute available)
In Progress	None	T318712 Enable spark jobs on the dse-k8s cluster via the spark-operator
Resolved	BTullis	T327257 DSE Experiment - User Story 1 (Address Kerberos)
Resolved	BTullis	T330162 Research and test methods for accessing kerberized services from spark running on the DSE K8S cluster

Event Timeline

• EChetty created this task.Jan 18 2023, 11:46 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 18 2023, 11:46 AM

• EChetty mentioned this in T327267: Create a DSE Kubernetes cluster with support for persistent storage from Ceph.Jan 18 2023, 12:10 PM

• EChetty added a parent task: T327267: Create a DSE Kubernetes cluster with support for persistent storage from Ceph.

• EChetty moved this task from Backlog to To be discussed on the Shared-Data-Infrastructure board.Jan 18 2023, 12:18 PM

• EChetty moved this task from To be discussed to EQ2 Kanban (Sprints 04-07) on the Shared-Data-Infrastructure board.Jan 23 2023, 1:31 PM

• EChetty edited projects, added Shared-Data-Infrastructure (EQ2 Kanban (Sprints 04-07)); removed Shared-Data-Infrastructure.

• EChetty moved this task from EQ2 Kanban (Sprints 04-07) to 2022-23 Q4 Wrap up on the Shared-Data-Infrastructure board.Feb 6 2023, 12:59 PM

• EChetty edited projects, added Shared-Data-Infrastructure (2022-23 Q4 Wrap up); removed Shared-Data-Infrastructure (EQ2 Kanban (Sprints 04-07)).

• nfraison claimed this task.Feb 21 2023, 1:01 PM

• nfraison moved this task from Next Up to In Progress on the Shared-Data-Infrastructure (2022-23 Q4 Wrap up) board.

Side note for my comprehension of our current setup:

We will rely on https://github.com/GoogleCloudPlatform/spark-on-k8s-operator
Still need https://phabricator.wikimedia.org/T322635 and https://phabricator.wikimedia.org/T318926 to be done -> https://gerrit.wikimedia.org/r/c/operations/deployment-charts/+/855674/ (create spark operator charts)
Docker image in https://gerrit.wikimedia.org/r/operations/docker-images/production-images
Helm charts in https://gerrit.wikimedia.org/r/operations/deployment-charts
Run of operator, drivers and executors is currently limited to spark namespace (probably to discuss)

JArguello-WMF added a project: Epic.Feb 21 2023, 1:40 PM

• nfraison removed • nfraison as the assignee of this task.Feb 21 2023, 2:33 PM

• nfraison moved this task from In Progress to Next Up on the Shared-Data-Infrastructure (2022-23 Q4 Wrap up) board.

• nfraison added a subtask: T330162: Research and test methods for accessing kerberized services from spark running on the DSE K8S cluster.

• nfraison subscribed.

JArguello-WMF updated the task description. (Show Details)Feb 21 2023, 2:41 PM

JArguello-WMF edited projects, added Shared-Data-Infrastructure; removed Shared-Data-Infrastructure (2022-23 Q4 Wrap up).Mar 14 2023, 3:49 PM

JArguello-WMF moved this task from Backlog to Epics on the Shared-Data-Infrastructure board.

JArguello-WMF moved this task from Epics to To be discussed on the Shared-Data-Infrastructure board.Jun 29 2023, 1:42 PM

BTullis closed subtask T330162: Research and test methods for accessing kerberized services from spark running on the DSE K8S cluster as Resolved.Jul 14 2023, 2:50 PM

BTullis edited parent tasks, added: T318712: Enable spark jobs on the dse-k8s cluster via the spark-operator; removed: T327267: Create a DSE Kubernetes cluster with support for persistent storage from Ceph.Jul 18 2023, 11:00 AM

I'm closing this ticket, since the work has now been done.

We have proven that we can access Kerberised services such as HDFS and Presto from Kubernetes.
We have the Spark History Server deployed to production, which reads from HDFS. In addition we have Suuperset, which reads from Presto.

Both of these make use of kerberos-kinit as a sidecar pod for keytab renewal.

DSE Experiment - User Story 1 (Address Kerberos)Closed, ResolvedPublicActions