[Merged by Bors] - Allow enabling secure mode with Kerberos #334
Conversation
…o jn because of DNS problems
…he datanode wait-for-namenodes init containers fails because it's stupid any requires the dfs.namenode.kerberos.principal setting (and ignores the dfs.namenode.kerberos.principal.pattern) (hdfs will start anyway)
sbernauer
force-pushed
the
spike/security2
branch
from
9ee175a
to
0edee66
Compare
…service_name (#568) ## Description Needed for stackabletech/hdfs-operator#334 and stackabletech/hdfs-operator#178
sbernauer
force-pushed
the
spike/security2
branch
from
5afdc4d
to
3b6d52d
Compare
| @@ -0,0 +1,49 @@ | |||
| # Tribute to https://github.com/Netflix/chaosmonkey | |||
|
|
|||
| # We need to force-delete the Pods, because IONOS is sometimes unable to delete the pod (it's stuck in Terminating for > 20 minutes) | |||
There was a problem hiding this comment.
That's worrying... do we have access to IONOS' kubelet logs? Is this an IONOS-only issue?
There was a problem hiding this comment.
Have to admit I'm not sure if we have access to the kubelet logs. Test passed on Azure however
There was a problem hiding this comment.
Update: Support recommended using https://github.com/kvaps/kubectl-node-shell, which worked.
Sadly it only logs stuff during startup and than remains silent.
journalctl -u kubelet --since "48 hour ago"
-- Logs begin at Sat 2023-06-03 19:51:35 UTC, end at Tue 2023-06-06 12:01:05 UTC. --
-- No entries --
Anyway, even with force deletion tests have random timeouts on IONOS after we added the chaosmonkey. Everything is really slow
This is not needed any more after changing the princial names to not contain _HOST
|
Should be ready to be merged 👍 |
|
Tests passed. |
|
All that and I forgot the CHANGELOG :D I have 4 testclusters running since this morning, let's wait some time with merging to see if they survive |
|
All 4 clusters are still healthy, merging this |
|
bors r+ |
# Description Closes #178 Fixes #338 TODOs - [x] Release new Hadoop image with openssl and Kerberos clients use in docs and tests - [x] Release and use operator-rs change - [x] Fix hardcoded `kinit nn/simple-hdfs-namenode-default.default.svc.cluster.local@CLUSTER.LOCAL -kt /stackable/kerberos/keytab` in entrypoints - [x] Go through all hadoop settings and see if they can be improved - [X] Test different realms - [x] Discuss CRD change - [x] Discuss how to expose this in Discovery CM -> During on-site 2023/05 we have decided to ship this feature without exposing it via discovery *for now* - [x] Implement discovery - [x] Tests - [x] Docs - [x] Let @maltesander have a look how we can better include the init container in the code structure - [x] Test long running cluster (maybe turn down ticket lifetime for that)
|
Pull request successfully merged into main. Build succeeded! The publicly hosted instance of bors-ng is deprecated and will go away soon. If you want to self-host your own instance, instructions are here. If you want to switch to GitHub's built-in merge queue, visit their help page. |
bors
bot
changed the title
Description
Closes #178
Fixes #338
TODOs
kinit nn/simple-hdfs-namenode-default.default.svc.cluster.local@CLUSTER.LOCAL -kt /stackable/kerberos/keytabin entrypointsDefinition of Done Checklist
Author
Reviewer
Acceptance
Once the review is done, comment
bors r+(orbors merge) to merge. Further information