apache-spark-on-k8s/spark

Kerberos support generates invalid Secret Name

rvesse opened this issue · 4 comments

Trying to run a job with Kerberos support, once I get all the configuration and environment correct so that it does the Kerberos login, I get an error reported by K8S because the generated secret name is considered invalid:

Exception in thread "main" io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: POST at: https://192.168.0.7:6443/api/v1/namespaces/rvesse/secrets. Message: Secret "spark-test-1519987477468-spark.kubernetes.kerberos.delegationTokenSecretName.1519987479632" is invalid: metadata.name: Invalid value: "spark-test-1519987477468-spark.kubernetes.kerberos.delegationTokenSecretName.1519987479632": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'). Received status: Status(apiVersion=v1, code=422, details=StatusDetails(causes=[StatusCause(field=metadata.name, message=Invalid value: "spark-test-1519987477468-spark.kubernetes.kerberos.delegationTokenSecretName.1519987479632": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'), reason=FieldValueInvalid, additionalProperties={})], group=null, kind=Secret, name=spark-test-1519987477468-spark.kubernetes.kerberos.delegationTokenSecretName.1519987479632, retryAfterSeconds=null, uid=null, additionalProperties={}), kind=Status, message=Secret "spark-test-1519987477468-spark.kubernetes.kerberos.delegationTokenSecretName.1519987479632" is invalid: metadata.name: Invalid value: "spark-test-1519987477468-spark.kubernetes.kerberos.delegationTokenSecretName.1519987479632": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'), metadata=ListMeta(resourceVersion=null, selfLink=null, additionalProperties={}), reason=Invalid, status=Failure, additionalProperties={}).
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:470)
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.assertResponseCode(OperationSupport.java:409)
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:379)
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:343)
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleCreate(OperationSupport.java:226)
at io.fabric8.kubernetes.client.dsl.base.BaseOperation.handleCreate(BaseOperation.java:769)
at io.fabric8.kubernetes.client.dsl.base.BaseOperation.create(BaseOperation.java:360)
at io.fabric8.kubernetes.client.handlers.SecretHandler.create(SecretHandler.java:42)
at io.fabric8.kubernetes.client.handlers.SecretHandler.create(SecretHandler.java:32)
at io.fabric8.kubernetes.client.dsl.internal.NamespaceVisitFromServerGetWatchDeleteRecreateWaitApplicableListImpl.createOrReplace(NamespaceVisitFromServerGetWatchDeleteRecreateWaitApplicableListImpl.java:208)
at io.fabric8.kubernetes.client.dsl.internal.NamespaceVisitFromServerGetWatchDeleteRecreateWaitApplicableListImpl.createOrReplace(NamespaceVisitFromServerGetWatchDeleteRecreateWaitApplicableListImpl.java:66)
at org.apache.spark.deploy.k8s.submit.Client$$anonfun$run$3.apply(Client.scala:147)
at org.apache.spark.deploy.k8s.submit.Client$$anonfun$run$3.apply(Client.scala:131)
at org.apache.spark.util.Utils$.tryWithResource(Utils.scala:2550)
at org.apache.spark.deploy.k8s.submit.Client.run(Client.scala:131)
at org.apache.spark.deploy.k8s.submit.Client$$anonfun$run$5.apply(Client.scala:200)
at org.apache.spark.deploy.k8s.submit.Client$$anonfun$run$5.apply(Client.scala:193)
at org.apache.spark.util.Utils$.tryWithResource(Utils.scala:2550)
at org.apache.spark.deploy.k8s.submit.Client$.run(Client.scala:193)
at org.apache.spark.deploy.k8s.submit.Client$.main(Client.scala:213)
at org.apache.spark.deploy.k8s.submit.Client.main(Client.scala)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.spark.deploy.SparkSubmit$.org$apache$spark$deploy$SparkSubmit$$runMain(SparkSubmit.scala:786)
at org.apache.spark.deploy.SparkSubmit$.doRunMain$1(SparkSubmit.scala:181)
at org.apache.spark.deploy.SparkSubmit$.submit(SparkSubmit.scala:206)
at org.apache.spark.deploy.SparkSubmit$.main(SparkSubmit.scala:120)
at org.apache.spark.deploy.SparkSubmit.main(SparkSubmit.scala)

I think this is because the last segment is generated with a purely numeric value which fails the validation regex on the API server - [a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)* - that requires every segment to start with an alphabetic character.

My Kubernetes version is as follows:

kubectl version
Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.2", GitCommit:"5fa2db2bd46ac79e5e00a4e6ed24191080aa463b", GitTreeState:"clean", BuildDate:"2018-01-18T10:09:24Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.1", GitCommit:"3a1c9449a956b6026f075fa3134ff92f7d55f812", GitTreeState:"clean", BuildDate:"2018-01-04T11:40:06Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"}

On further analysis the problem is not the numeric segment but the use of the upper case letters

I will hopefully have a PR out for review once I have validated my fix

@rvesse I think this is already fixed in #612.

Duplicate of #612
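
An added example, not part of the original thread or of the Spark or Kubernetes code: a small Go checker that applies the DNS-1123 subdomain pattern quoted in the issue to the rejected Secret name and reports which dot-separated label fails and why. The function names `ValidSecretName` and `BadLabels` are hypothetical; the 253-character limit is the Kubernetes maximum for DNS-1123 subdomain names.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Pattern quoted in the issue for a DNS-1123 subdomain, anchored at both ends.
var subdomainRe = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)

// The same pattern restricted to a single dot-separated label.
var labelRe = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`)

const maxSubdomainLen = 253 // Kubernetes length limit for DNS-1123 subdomains

// ValidSecretName reports whether name would pass the metadata.name check.
// (Hypothetical helper name, introduced for this example.)
func ValidSecretName(name string) bool {
	return len(name) <= maxSubdomainLen && subdomainRe.MatchString(name)
}

// BadLabels maps each failing label of name to the reason it fails.
// (Hypothetical helper name, introduced for this example.)
func BadLabels(name string) map[string]string {
	bad := map[string]string{}
	for _, label := range strings.Split(name, ".") {
		switch {
		case labelRe.MatchString(label):
			continue // label is valid, including purely numeric ones
		case label == "":
			bad[label] = "empty label"
		case label != strings.ToLower(label):
			bad[label] = "upper case letters"
		default:
			bad[label] = "invalid character or leading/trailing '-'"
		}
	}
	return bad
}

func main() {
	// Name taken from the error message in the issue.
	name := "spark-test-1519987477468-spark.kubernetes.kerberos.delegationTokenSecretName.1519987479632"
	fmt.Println(ValidSecretName(name), BadLabels(name))
	// Constructed variant: the same name lower-cased, numeric last label kept.
	fmt.Println(ValidSecretName(strings.ToLower(name)))
}
```

Running the same check on a generated name before submitting it to the API server surfaces the problem without the 422 round trip.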