[DOCS][SPARK-620] Update docs for binary secrets in DC/OS 1.11 #282
Looks good @susanxhuynh. I have to run to another meeting now.
One other comment. We don't use `base64-encoded` consistently as we usually drop the `-`. I would say that it should be present when this is an adjective.
|
||
**Note:** The secret name **must** be prefixed with `__dcos_base64__`. | ||
|
||
When the `some/path/__dcos_base64__mysecret` secret is referenced in your `dcos spark run` command, its base64-decoded |
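Review bot: The note says the secret name must be prefixed with `__dcos_base64__`, but the example `some/path/__dcos_base64__mysecret` puts the prefix on the last path component, not at the start of the full path. Suggest saying so explicitly in the note, for instance that the prefix goes on the final component of the secret path, so readers who keep secrets under a folder do not prepend it to the whole path.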
Question: Is it referenced in the command or in some service specification (as is used here: https://github.com/mesosphere/dcos-commons/blob/6da53edd1ff5392986bef5096a8c7a96470c64eb/docs/pages/_includes/services/overview.md#binary-secrets)? I'm ok leaving it as is though.
In Spark, it's referenced in the Spark "run" command.
docs/security.md
Outdated
@@ -103,7 +125,7 @@ sources (i.e. files and environment variables). For example | |||
``` | |||
will place the content of `spark/my-secret-file` into the `PLACEHOLDER` environment variable and the `target-secret-file` file | |||
as well as the content of `spark/my-secret-envvar` into the `SECRET_ENVVAR` and `placeholder-file`. In the case of binary | |||
secrets (tagged with `__dcos_base64__`, for example) the environment variable will still be empty because environment | |||
secrets, the environment variable will still be empty because environment |
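Review bot: In the reworded sentence "In the case of binary secrets, the environment variable will still be empty", the dropped parenthetical was the only place in this paragraph that said how a secret is recognized as binary (the `__dcos_base64__` tag). Suggest keeping a short pointer, such as a link to the binary secrets section, so a reader who lands on this paragraph knows which secrets leave the environment variable empty.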
Nit: I don't think this comma is required.
The wording "environment variables cannot be assigned to binary values" seems in the wrong order (or the "to" should be removed).
I will fix it.
docs/security.md
Outdated
|
||
**Note:** The base64 string of the keystore will probably be much longer than the snippet above, spanning 50 lines or | ||
so. | ||
**DC/OS 1.10 or lower:** Since both stores are binary files, they must be base64-encoded before being placed in the |
The DC/OS 1.10 note could be placed after the instructions?
Yes, good point.
* [DOCS][SPARK-620] Updated section on binary secrets for DC/OS 1.11.
* Updated TLS section
* Updated Kerberos doc
* Updated usage examples and walkthroughs.
* Some edits based on Evan's feedback.
This PR updates the Spark docs regarding the support for binary secrets in DC/OS 1.11.
`__dcos_commons__` prefix from examples, pointing 1.10 users to the above section to read about encoding.