late-pencil-3873
06/15/2022, 10:56 AMhallowed-mouse-14616
06/15/2022, 11:21 AMflytesnacks
and domain development
will look for a PodTemplate in the flytesnacks-development
namespace). If that PodTemplate does not exist, it then attempts to find on in the namespace that FlytePropeller runs in.hallowed-mouse-14616
06/15/2022, 11:23 AMapiVersion: v1
kind: PodTemplate
metadata:
name: flyte-default-template
namespace: flyte
template:
metadata:
spec:
containers:
- name: noop
image: <http://docker.io/rwgrim/docker-noop|docker.io/rwgrim/docker-noop>
subdomain: "default-subdomain"
Where in this example I defined a noop
container.hallowed-mouse-14616
06/15/2022, 11:23 AMhallowed-mouse-14616
06/15/2022, 11:36 AMlate-pencil-3873
06/15/2022, 11:56 AMhallowed-mouse-14616
06/15/2022, 1:51 PMlate-pencil-3873
06/15/2022, 1:54 PMhallowed-mouse-14616
06/15/2022, 1:56 PMhallowed-mouse-14616
06/15/2022, 1:56 PMlate-pencil-3873
06/15/2022, 1:58 PMhallowed-mouse-14616
06/15/2022, 2:02 PMlate-pencil-3873
06/19/2022, 8:40 PM<http://github.com/GoogleCloudPlatform/spark-on-k8s-operator|github.com/GoogleCloudPlatform/spark-on-k8s-operator> v0.0.0-20200723154620-6f35a1152625
.
In this version, SparkPodSpec
has:
// SecurityContenxt specifies the PodSecurityContext to apply.
// +optional
SecurityContenxt *apiv1.PodSecurityContext
Notice the SecurityContext
of type PodSecurityContext
.
In flyteplugins we set the spark pod's security context to the DefaultPodSecurityContext accordingly:
SecurityContenxt: config.GetK8sPluginConfig().DefaultPodSecurityContext.DeepCopy(),
The k8s plugin config has both a DefaultPodSecurityContext
as well as a DefaultSecurityContext
.
In the newer spark-on-k8s-operator versions, this has been fixed and there is now both the PodSecurityContext
as well as the SecurityContext
.
Do you agree that this should be fixed in flyteplugins by using a newer version of the spark-on-k8s-operator?
I tried fixing this but go get -v -u <http://github.com/GoogleCloudPlatform/spark-on-k8s-operator@master|github.com/GoogleCloudPlatform/spark-on-k8s-operator@master>
gives me the following error:
go: <http://github.com/GoogleCloudPlatform/spark-on-k8s-operator@v0.0.0-20220615230608-94775cd89ca0|github.com/GoogleCloudPlatform/spark-on-k8s-operator@v0.0.0-20220615230608-94775cd89ca0> requires
<http://k8s.io/kubernetes@v1.19.6|k8s.io/kubernetes@v1.19.6> requires
<http://k8s.io/api@v0.0.0|k8s.io/api@v0.0.0>: reading <http://k8s.io/api/go.mod|k8s.io/api/go.mod> at revision v0.0.0: unknown revision v0.0.0
This appears to be a known issue due to the way k8s uses its go.mod
and people have written bash scripts to work around this.
I wonder whether you are others within flyteorg have experienced this before and can give me a hint how to handle this (in case you agree that upgrading spark-on-k8s-operator makes sense).
Thanks 🙂freezing-airport-6809
freezing-airport-6809
hallowed-mouse-14616
06/22/2022, 4:02 AMreplace
commands for all of the k8s internal dependencies because the kubernetes repo is not meant to be a dependency so they declare v0.0.0 for all and use replace
to point to a local version. Is this going to be a fix we can isolate to flyteplugins? Or would this need to be in flytepropeller as well? Not sure how replace cascades in the build.
I think that integrating a script to pull k8s dependencies and insert replace statements in the go.mod may be solution? @high-park-82026 / @great-school-54368 thoughts?late-pencil-3873
06/23/2022, 4:27 PMreplace
via the script in flyteplugins works without cascading to flytepropeller @hallowed-mouse-14616.hallowed-mouse-14616
06/23/2022, 5:34 PMlate-pencil-3873
06/26/2022, 9:35 PMreplace
instructions for all used k8s packages (to later test whether this workaround can be used in flyteplugins without cascading to flytepropeller). Works smoothly.
In order to get the tests green again, I’m now working on fixing tasks/pluginmachinery/k8s/client.go
since <http://sigs.k8s.io/controller-runtime|sigs.k8s.io/controller-runtime>
is updated from v0.8.2
to v0.12.2
and two tags after v0.8.2
, in v0.9.0-alpha.0
, the ClientBuilder
which flyteplugins uses here was deprecated in favor of NewClientFunc
(see commit message).
I haven’t figured out how to adapt flyteplugins to that change yet but will continue working on this in the next few days…
Might have to get back to you for some guidance 😅🙏hallowed-mouse-14616
07/18/2022, 4:53 PMlate-pencil-3873
07/19/2022, 11:46 AMlate-pencil-3873
07/25/2022, 11:51 PMhallowed-mouse-14616
07/26/2022, 1:51 PMPodSecurityContext
the only field that we're gaining by an upgrade the latest spark operator?freezing-airport-6809
late-pencil-3873
07/26/2022, 4:35 PMPodSecurityContext
. I will time-box this effort.
• I will transfer all fields from the k8s plugin config that can be set with the current spark-on-k8s version (which would solve my current problem of using the default tolerations) and I would be happy to upgrade spark-on-k8s and also other plugins later once the plugins have been moved out of core.
Does that make sense to you?hallowed-mouse-14616
07/26/2022, 5:25 PMlate-pencil-3873
07/26/2022, 5:58 PMthankful-minister-83577