Basic Secure HDFS Support [514]

docs/running-on-kubernetes.md

@@ -784,7 +784,7 @@ from the other deployment modes. See the [configuration page](configuration.html
   <td>(none)</td>
   <td>
     Assuming you have set <code>spark.kubernetes.kerberos.enabled</code> to be true. This will let you specify 
-    the principal that you wish to use to handle renewing of Delegation Tokens. This is optional as you 
+    the principal that you wish to use to handle renewing of Delegation Tokens. This is optional as 
     we will set the principal to be the job users principal by default.
   </td>
 </tr>

resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/k8s/HadoopConfBootstrap.scala

@@ -57,9 +57,9 @@ private[spark] class HadoopConfBootstrapImpl(
       .editSpec()
         .addNewVolume()
           .withName(HADOOP_FILE_VOLUME)
-            .withNewConfigMap()
-              .withName(hadoopConfConfigMapName)
-              .withItems(keyPaths.asJava)
+          .withNewConfigMap()
+            .withName(hadoopConfConfigMapName)
+            .withItems(keyPaths.asJava)
             .endConfigMap()
           .endVolume()
         .endSpec()

resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/k8s/HadoopUGIUtil.scala

@@ -67,6 +67,7 @@ private[spark] class HadoopUGIUtil{
     val byteStream = new ByteArrayOutputStream
     val dataStream = new DataOutputStream(byteStream)
     creds.writeTokenStorageToStream(dataStream)
+    dataStream.close()
     byteStream.toByteArray
   }
 

resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/k8s/constants.scala

@@ -81,7 +81,6 @@ package object constants {
   private[spark] val ENV_SPARK_USER = "SPARK_USER"
 
   // Bootstrapping dependencies with the init-container
-  private[spark] val INIT_CONTAINER_ANNOTATION = "pod.beta.kubernetes.io/init-containers"
   private[spark] val INIT_CONTAINER_SECRET_VOLUME_MOUNT_PATH =
     "/mnt/secrets/spark-init"
   private[spark] val INIT_CONTAINER_SUBMITTED_JARS_SECRET_KEY =
@@ -107,7 +106,7 @@ package object constants {
   private[spark] val ENV_HADOOP_CONF_DIR = "HADOOP_CONF_DIR"
   private[spark] val HADOOP_CONF_DIR_LOC = "spark.kubernetes.hadoop.conf.dir"
   private[spark] val HADOOP_CONFIG_MAP_SPARK_CONF_NAME =
-    "spark.kubernetes.hadoop.executor.hadoopconfigmapname"
+    "spark.kubernetes.hadoop.executor.hadoopConfigMapName"
 
   // Kerberos Configuration
   private[spark] val HADOOP_KERBEROS_SECRET_NAME =

resource-managers/kubernetes/core/src/main/scala/org/apache/spark/deploy/k8s/submit/submitsteps/hadoopsteps/HadoopKerberosKeytabResolverStep.scala

@@ -50,7 +50,7 @@ private[spark] class HadoopKerberosKeytabResolverStep(
   maybePrincipal: Option[String],
   maybeKeytab: Option[File],
   maybeRenewerPrincipal: Option[String],
-  hadoopUGI: HadoopUGIUtil) extends HadoopConfigurationStep with Logging{
+  hadoopUGI: HadoopUGIUtil) extends HadoopConfigurationStep with Logging {
     private var originalCredentials: Credentials = _
     private var dfs : FileSystem = _
     private var renewer: String = _
@@ -59,7 +59,7 @@ private[spark] class HadoopKerberosKeytabResolverStep(
 
     override def configureContainers(hadoopConfigSpec: HadoopConfigSpec): HadoopConfigSpec = {
       val hadoopConf = SparkHadoopUtil.get.newConfiguration(submissionSparkConf)
-      if (hadoopUGI.isSecurityEnabled) logDebug("Hadoop not configured with Kerberos")
+      if (!hadoopUGI.isSecurityEnabled) logDebug("Hadoop not configured with Kerberos")
       val maybeJobUserUGI =
         for {
           principal <- maybePrincipal