Allow customizing external URI provision + External URI can be set via annotations #147
Conversation
|
@mccheah FYI, the Travis build failed not because of unit tests but because of style issues:
|
| @@ -106,6 +106,33 @@ The above mechanism using `kubectl proxy` can be used when we have authenticatio | |||
| kubernetes-client library does not support. Authentication using X509 Client Certs and oauth tokens | |||
| is currently supported. | |||
|
|
|||
| ### Determining the Driver Base URI | |||
|
|
|||
| Kubernetes pods run with their own IP address space. If Spark is run in cluster mode, the driver pod may not be | |||
There was a problem hiding this comment.
This could perhaps be more concise or clear. Would appreciate anyone's thoughts on how this could be better explained.
| ShutdownHookManager.DEFAULT_SHUTDOWN_PRIORITY + 1)(() => | ||
| driverServiceManager.handleSubmissionError( | ||
| new SparkException("Submission shutting down early..."))) | ||
| try { |
There was a problem hiding this comment.
@ash211 I swapped the order here of the tryWithResource and try-finally blocks mainly because we want to clean up the secrets and the shutdown hooks after the pod has been launched but also before the application itself completes.
There was a problem hiding this comment.
why do we need to do switch to shutdown hooks? those accumulate this global state and you start ending up having ordering issues (like you had with priorities) that I think is best avoided. Can we keep as try-finally blocks instead?
There was a problem hiding this comment.
try-finally doesn't catch the case when the JVM is stopped via a kill signal. I suppose the big question mark is if we care about such scenarios. The rest of the Spark ecosystem relies on shutdown hooks greatly to clear up all kinds of temporary state.
| uris = nodeUrls, | ||
| maxRetriesPerServer = 3, | ||
| uris = serviceUris, | ||
| maxRetriesPerServer = 10, |
There was a problem hiding this comment.
It may be the case that the external URI providers take a little longer to be ready. In testing #70 I noticed that the Ingress can take awhile to set up in the background.
| .asScala(0) | ||
| assert(driverService.getMetadata.getAnnotations.containsKey(ANNOTATION_PROVIDE_EXTERNAL_URI), | ||
| "External URI request annotation was not set on the driver service.") | ||
| // Unfortunately we can't check the correctness of the actual value of the URI, as it depends |
There was a problem hiding this comment.
Although I think this highlights that we have an API discrepancy here. We document that the driverServiceManager will build the service that will end up being used, but the code still manipulates the created service after the fact to avoid exposing the NodePort. There's also the extra configuration parameter spark.kubernetes.driver.service.exposeUiPort. There should be a way to reconcile all of these configurations.
docs/running-on-kubernetes.md
Outdated
|
|
||
| There may be cases where the Kubelet nodes cannot be reached by the submission client. For example, the cluster may | ||
| only be reachable through an external load balancer. The user may provide their own external IP for Spark driver | ||
| services. To use a your own external IP instead of a Kubelet's IP, first set |
There was a problem hiding this comment.
To use a manually-specified external IP instead of a Kubelet's IP, ...
docs/running-on-kubernetes.md
Outdated
| only be reachable through an external load balancer. The user may provide their own external IP for Spark driver | ||
| services. To use a your own external IP instead of a Kubelet's IP, first set | ||
| `spark.kubernetes.driver.serviceManagerType` to `ExternalAnnotation`. This will cause a service to be created that | ||
| routes to the driver pod with the annotation `spark-job.alpha.apache.org/provideExternalUri`. You will need to run a |
There was a problem hiding this comment.
This will create a service with the annotation XYZ that routes to the driver pod
docs/running-on-kubernetes.md
Outdated
| process that watches the API server for services that are created with this annotation in the application's namespace | ||
| (set by `spark.kubernetes.namespace`). The process should determine a URI that routes to this service, and patch the | ||
| service to include an annotation `spark-job.alpha.apache.org/resolvedExternalUri`, which has its value as the external | ||
| URI that your process has provided. |
There was a problem hiding this comment.
provide an example URI, e.g. https://example.com:8080/my-job
docs/running-on-kubernetes.md
Outdated
| kubelet nodes at the port that the Kubelets expose for the service. If the Kubelets cannot be contacted from the | ||
| submitter's machine, consider setting this to <code>ExternalAnnotation</code> as described in "Determining the | ||
| Driver Base URI" above. One may also include a custom implementation of | ||
| <code>org.apache.spark.deploy.rest.kubernetes.DriverServiceManager</code> on the submitter's classpath - |
There was a problem hiding this comment.
the service-loaded class should be the value of that setting? e.g. spark.kubernetes.driver.serviceManagerType =com.mycompany.spark.MyCustomDriverServiceManager ?
There was a problem hiding this comment.
It is not - the value here matches what is returned by DriverServiceManager#getType.
There was a problem hiding this comment.
The advantage of this is that the configuration value becomes easier to set for the things we bundle into it - NodePort vs. ExternalAnnotation and eventually ApiServerProxy is more elegant to remember than full class names.
| </td> | ||
| </tr> | ||
| <tr> | ||
| <td><code>spark.kubernetes.driver.serviceManagerType</code></td> | ||
| <td><code>NodePort</code></td> |
There was a problem hiding this comment.
we should also provide an implementation of this that uploads through the apiserver proxy
There was a problem hiding this comment.
Think this can be left for future work.
|
|
||
| private[spark] class NodePortUrisDriverServiceManager extends DriverServiceManager with Logging { | ||
|
|
||
| override def getDriverServiceSubmissionServerUris(driverService: Service): Set[String] = { |
There was a problem hiding this comment.
put this method at the end so the flow is top to bottom. getServiceManagerType is called first, then customizeDriverService, then getDriverServiceSubmissionServerUris
| "External URI request annotation was not set on the driver service.") | ||
| // Unfortunately we can't check the correctness of the actual value of the URI, as it depends | ||
| // on the driver submission port set on the driver service but we remove that port from the | ||
| // service once the submission is complete. |
There was a problem hiding this comment.
I think this service cleanup after the job is submitted should be part of the plugin point, rather than the core always opinionatedly deleting the service after the job has submitted.
Alternatively the contract could be that any created k8s resources need to have owner references to the service so that when Spark deletes the service the dependent resources are cleaned up too
There was a problem hiding this comment.
It's different here because the service isn't deleted, but rather it is manipulated such that its type becomes ClusterIP and it no longer exposes the submission server over the Node Port. Regardless there is still the question of whether or not the plugin should be the component that makes this decision or if it's universal.
| <td><code>spark.kubernetes.driver.serviceManagerType</code></td> | ||
| <td><code>NodePort</code></td> | ||
| <td> | ||
| A tag indicating which class to use for creating the Kubernetes service and determining its URI for the submission |
There was a problem hiding this comment.
provide a list of bundled implementations in a bullet list here -- right now this is just NodePort and ExternalAnnotation but I also think we should do a ServerApi also
There was a problem hiding this comment.
Didn't want to try to embed a bullet-list in the table - but added the valid values in prose form.
| ShutdownHookManager.DEFAULT_SHUTDOWN_PRIORITY + 1)(() => | ||
| driverServiceManager.handleSubmissionError( | ||
| new SparkException("Submission shutting down early..."))) | ||
| try { |
There was a problem hiding this comment.
why do we need to do switch to shutdown hooks? those accumulate this global state and you start ending up having ordering issues (like you had with priorities) that I think is best avoided. Can we keep as try-finally blocks instead?
| kubernetesResourceCleaner.registerOrUpdateResource(submitServerSecret) | ||
| val sslConfiguration = sslConfigurationProvider.getSslConfiguration() | ||
| // start outer watch for status logging of driver pod | ||
| // only enable interval logging if in waitForAppCompletion mode |
There was a problem hiding this comment.
these comments got disconnected from the LoggingPodStatusWatcher code
|
Haven't done a full review yet of the code. On the docs front, one broad comment: |
|
Also, this PR should be targeted towards k8s-support-alternate-incremental? It is pointing at the ssl branch as of now. |
3e34edb to
ba50538
Compare
|
@foxish any more thoughts on this PR? |
docs/running-on-kubernetes.md
Outdated
|
|
||
| There may be cases where the nodes cannot be reached by the submission client. For example, the cluster may | ||
| only be reachable through an external load balancer. The user may provide their own external IP for Spark driver | ||
| services. To use a your own external IP instead of a node's IP, first set |
docs/running-on-kubernetes.md
Outdated
| services. To use a your own external IP instead of a node's IP, first set | ||
| `spark.kubernetes.driver.serviceManagerType` to `ExternalAnnotation`. A service will be created with the annotation | ||
| `spark-job.alpha.apache.org/provideExternalUri`, and this service routes to the driver pod. You will need to run a | ||
| process that watches the API server for services that are created with this annotation in the application's namespace |
docs/running-on-kubernetes.md
Outdated
| `spark.kubernetes.driver.serviceManagerType` to `ExternalAnnotation`. A service will be created with the annotation | ||
| `spark-job.alpha.apache.org/provideExternalUri`, and this service routes to the driver pod. You will need to run a | ||
| process that watches the API server for services that are created with this annotation in the application's namespace | ||
| (set by `spark.kubernetes.namespace`). The process should determine a URI that routes to this service, and patch the |
There was a problem hiding this comment.
... that routes to this service (potentially configuring infrastructure to handle the URI behind the scenes), and patch ...
docs/running-on-kubernetes.md
Outdated
| URI that your process has provided (e.g. `https://example.com:8080/my-job`). | ||
|
|
||
| Note that if the URI provided by the annotation also provides a base path, the base path should be removed when the | ||
| request is forwarded to the back end pod. |
There was a problem hiding this comment.
I'm not following this sentence. If the Spark code ignores the base path, then let's throw when the external URI provider gives a URI with a base path? Alternatively probably we should support submitting through a base path since some external URI providers may route based on base-path and require the base path for traffic to reach the underlying spark submit service
There was a problem hiding this comment.
The external URI can include a base path, just that when the request reaches the back end pod, the back end pod should be contacted at an empty base path. In the case that you describe where the external URI provider requires a base path, the URI provider should also rewrite the URI when forwarding to the back end to remove the base path. I'm not sure of the best way to phrase this.
There was a problem hiding this comment.
Ah, maybe something like:
Note that the URI provided in the annotation needs to route traffic to the appropriate destination on the pod, which has a fixed path portion of the URI. This means the external URI provider will likely need to rewrite the path from the external URI to the destination on the pod, e.g. https://example.com:8080/spark-app-1/submit will need to route traffic to https://<pod_ip>:<service_port>/path/to/submit. Note that the paths of these two URLs are different.
I'm not sure what the destination /path/to/submit actually is in Spark -- could use some help there.
There was a problem hiding this comment.
Done - the path is empty on the back end.
docs/running-on-kubernetes.md
Outdated
|
|
||
| If the above is confusing, keep in mind that this functionality is only necessary if the submitter cannot reach any of | ||
| the nodes at the driver's node port. It is recommended to use the default configuration with the node port service | ||
| whenever possible. |
There was a problem hiding this comment.
mention that there's a way to serviceload implementations of this here
There was a problem hiding this comment.
I don't think we should include the service loading note here - it's a pretty advanced use case and is already covered in the configuration table below.
There was a problem hiding this comment.
Mostly because this section is confusing as it is - wouldn't want to add to the confusion here.
There was a problem hiding this comment.
Ah right, missed that it's mentioned in the config table.
docs/running-on-kubernetes.md
Outdated
| <td> | ||
| A tag indicating which class to use for creating the Kubernetes service and determining its URI for the submission | ||
| client. Valid values are currently <code>NodePort</code> and <code>ExternalAnnotation</code>. By default, a service | ||
| is created with the NodePort type, and the driver will be contacted at one of the kubelet nodes at the port that the |
There was a problem hiding this comment.
since NodePort is a config value in this paragraph, make sure it's always wrapped in code tags
There was a problem hiding this comment.
It's not exactly a config value when stating "a service is created with the NodePort type" - NodePort is the type of the service in this case. Granted, NodePort is a term that is overloaded in this case. Marked it with code tags anyways.
|
LGTM |
…te-incremental' into external-uri-provider
|
One of the travis checks failed and it looked like a flake (couldn't find |
|
Passed this time -- merging! |
…a annotations (#147) * Listen for annotations that provide external URIs. * FIx scalstyle * Address comments * Fix doc style * Docs updates * Clearly explain path rewrites
…a annotations (#147) * Listen for annotations that provide external URIs. * FIx scalstyle * Address comments * Fix doc style * Docs updates * Clearly explain path rewrites
…a annotations (apache-spark-on-k8s#147) * Listen for annotations that provide external URIs. * FIx scalstyle * Address comments * Fix doc style * Docs updates * Clearly explain path rewrites (cherry picked from commit f0a40b8)
…a annotations (apache-spark-on-k8s#147) * Listen for annotations that provide external URIs. * FIx scalstyle * Address comments * Fix doc style * Docs updates * Clearly explain path rewrites
Closes #140.