Page MenuHomePhabricator
Create Task
Maniphest T378920

Determine whether or not we need expose an internal service for yarn
Closed, DeclinedPublic
Actions

Description

We currently configure our data engineering apps specifying the YARN domain to be yarn.wikimedia.org, which is a publicly accessible domain.

When deploying airflow in Kubernetes, we might need to define an external_services entry to allow egress to the domain.

The issue is: yarn.wikimedia.org is a CNAME record that points to dyna.wikimedia.org, the domain serving our ATS reverse proxy. So by allowing egress traffic to yarn.wikimedia.org, we virtually enable egress traffic to all domains proxied by ATS. It might be more prudent to configure Apache with an additional, internal, vhost, such as yarn.discovery.wnnet.

Related Objects
Search...

Event Timeline

brouberol created this task.Nov 4 2024, 8:38 AM
brouberol mentioned this in T377602: Validate that we can submit Spark jobs with Skein in Kubernetes .Nov 6 2024, 11:17 AM
Ottomata added a comment.Nov 6 2024, 2:09 PM

Hm, are we sure we need this? IIRC yarn client handles picking the hostname to talk to directly via yarn ResourceManager HA stuff.

brouberol added a comment.Nov 6 2024, 2:44 PM

I don't think this will be necessary after all, cf our experimentation in https://phabricator.wikimedia.org/T377602

Gehel edited projects, added Data-Platform-SRE (2024.11.09 - 2024.11.29); removed Data-Platform-SRE (2024.10.19 - 2024.11.08).Nov 8 2024, 9:48 AM
BTullis renamed this task from Determine whether we can expose an internal service for yarn to Determine whether or not we need expose an internal service for yarn .Nov 8 2024, 1:26 PM
BTullis updated the task description. (Show Details)
Gehel triaged this task as High priority.Nov 8 2024, 2:23 PM
brouberol closed this task as Declined.Nov 8 2024, 3:28 PM

Based on https://phabricator.wikimedia.org/T377602#10304199, this is not required, as it works as-is.

brouberol moved this task from Backlog - project to Done on the Data-Platform-SRE (2024.11.09 - 2024.11.29) board.Nov 8 2024, 3:28 PM
Gehel moved this task from Done to Reported on the Data-Platform-SRE (2024.11.09 - 2024.11.29) board.Nov 15 2024, 2:22 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits