[SPARK-24960][K8S] explicitly expose ports on driver container #21884
Conversation
|
can you update the format of the title and description as described here |
adelbertc
force-pushed
the
k8s-expose-driver-ports
branch
from
48d07c5 to
c537779
Compare
adelbertc
changed the title
|
@felixcheung Done I think, is that OK? |
|
This needs a Spark ticket. I also don't think pods specifically have to expose ports. My understanding was that the ports field on the pod was only to assign ports names, so that the ports can be referenced by name and not by number on service objects. |
adelbertc
force-pushed
the
k8s-expose-driver-ports
branch
from
c537779 to
a2f2667
Compare
adelbertc
changed the title
|
@mccheah Done https://issues.apache.org/jira/browse/SPARK-24960 Re: Exposing ports, my understanding of Kubernetes' networking model is it is possible for a cluster to be setup such that Pod ports are closed, perhaps as a security measure. At least in our Kubernetes cluster (tested both on 1.6.x and 1.8.x) the SparkPi example failed with a connection error without this change, and succeeded after. (I've also added this information to the JIRA) |
| val driverContainer = new ContainerBuilder(pod.container) | ||
| .withName(DRIVER_CONTAINER_NAME) | ||
| .withImage(driverContainerImage) | ||
| .withImagePullPolicy(conf.imagePullPolicy()) | ||
| .addNewPort() |
There was a problem hiding this comment.
The driver UI port should also be explicitly exposed.
@adelbertc Just to clarify, by "succeeded later", do you mean after this change was applied? Or do you mean "succeeded later" as in a retry worked with the same code? |
adelbertc
force-pushed
the
k8s-expose-driver-ports
branch
from
a2f2667 to
1fc6faa
Compare
|
@mccheah After the change was applied |
|
Can you quickly change |
|
Actually can you also update the unit test? Thanks! |
adelbertc
force-pushed
the
k8s-expose-driver-ports
branch
from
1fc6faa to
9000a2f
Compare
adelbertc
changed the title
|
@mccheah Done and done |
| @@ -87,6 +87,10 @@ class BasicDriverFeatureStepSuite extends SparkFunSuite { | |||
| assert(configuredPod.container.getImage === "spark-driver:latest") | |||
| assert(configuredPod.container.getImagePullPolicy === CONTAINER_IMAGE_PULL_POLICY) | |||
|
|
|||
| val expectedPortNames = Set(DRIVER_PORT_NAME, BLOCK_MANAGER_PORT_NAME, UI_PORT_NAME) | |||
| val foundPortNames = configuredPod.container.getPorts.asScala.map(port => port.getName).toSet | |||
There was a problem hiding this comment.
Better to be safer here and check the protocol and the target port numbers. You can just compare against a list of expected ContainerPort objects - Kubernetes objects in our Java API have been good about giving us sane equals implementations.
adelbertc
force-pushed
the
k8s-expose-driver-ports
branch
from
9000a2f to
4215fc2
Compare
|
@mccheah Done - unfortunately I seem to be having some issues running tests locally, I assume there is some CI checking this as well? |
|
ok to test |
|
|
||
| def containerPort(name: String, portNumber: Int): ContainerPort = { | ||
| val port = new ContainerPort() | ||
| port.setName(name) |
There was a problem hiding this comment.
Looks like the indention here is incorrect.
There was a problem hiding this comment.
@liyinan926 Is it? It looks OK on my end I think unless I'm missing something
There was a problem hiding this comment.
Sorry my bad, I misread it as something like:
return new ContainerPort()
.setName(name)
...
|
Kubernetes integration test starting |
|
Kubernetes integration test status success |
|
jenkins, test this please |
|
(Not sure why the unit test build didn't run just now, only the integration tests did) |
|
Kubernetes integration test starting |
|
Kubernetes integration test status success |
|
@shaneknapp the unit test build doesn't seem to be triggering on this PR, any idea as to what's going on? |
| @@ -203,4 +212,12 @@ class BasicDriverFeatureStepSuite extends SparkFunSuite { | |||
| "spark.files" -> "https://localhost:9000/file1.txt,/opt/spark/file2.txt") | |||
| assert(additionalProperties === expectedSparkConf) | |||
| } | |||
|
|
|||
| def containerPort(name: String, portNumber: Int): ContainerPort = { | |||
| val port = new ContainerPort() | |||
|
jenkins test this please |
|
@mccheah the tests didn't run because you're not an admin for the regular (non-k8s) pull request builder. i added you to that list and you'll be able to trigger tests now. |
|
Kubernetes integration test starting |
|
Kubernetes integration test status success |
|
Test build #93901 has finished for PR 21884 at commit
|
adelbertc
force-pushed
the
k8s-expose-driver-ports
branch
from
4215fc2 to
66d1e62
Compare
|
Thanks @shaneknapp, I'll merge this now. |
|
Thanks @adelbertc for the contribution! |
|
Kubernetes integration test starting |
|
Kubernetes integration test status success |
https://issues.apache.org/jira/browse/SPARK-24960
What changes were proposed in this pull request?
Expose ports explicitly in the driver container. The driver Service created expects to reach the driver Pod at specific ports which before this change, were not explicitly exposed and would likely cause connection issues (see apache-spark-on-k8s#617).
This is a port of the original PR created in the now-deprecated Kubernetes fork: apache-spark-on-k8s#618
How was this patch tested?
Failure in apache-spark-on-k8s#617 reproduced on Kubernetes 1.6.x and 1.8.x. Built the driver image with this patch and observed fixed apache-spark-on-k8s#617 on Kubernetes 1.6.x.