Skip to content

Commit 984e5b2

Browse files
Felix Hennigrazvanadwk67
committed
RBAC Setup for Spark Driver (#39)
## Description - Adds a new ClusterRole to the Helm Chart that is used by spark-submit and the driver pod to manage pods & services. - Adds code that generates a `ServiceAccount` and `RoleBinding` to the role for every `SparkApplication`. The account is deleted once the application is deleted. fixes #29 Co-authored-by: Razvan-Daniel Mihai <[email protected]> Co-authored-by: Andrew Kenworthy <[email protected]>
1 parent 4ff94bc commit 984e5b2

File tree

18 files changed

+250
-957
lines changed

18 files changed

+250
-957
lines changed

CHANGELOG.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ All notable changes to this project will be documented in this file.
66

77
### Added
88

9+
- ServiceAccount, ClusterRole and RoleBinding for Spark driver ([#39])
910
- Initial commit
1011

11-
### Changed
12-
12+
[#39]: https://github.com/stackabletech/spark-k8s-operator/pull/39

deploy/helm/spark-operator/templates/roles.yaml renamed to deploy/helm/spark-k8s-operator/templates/roles.yaml

Lines changed: 10 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,12 @@ rules:
1111
verbs:
1212
- list
1313
- watch
14+
- apiGroups:
15+
- ""
16+
resources:
17+
- persistentvolumeclaims
18+
verbs:
19+
- list
1420
- apiGroups:
1521
- ""
1622
resources:
@@ -75,17 +81,17 @@ rules:
7581
verbs:
7682
- create
7783
- apiGroups:
78-
- {{ include "operator.name" . }}.stackable.tech
84+
- spark.stackable.tech
7985
resources:
80-
- {{ include "operator.name" . }}clusters
86+
- sparkapplications
8187
verbs:
8288
- get
8389
- list
8490
- patch
8591
- watch
8692
- apiGroups:
87-
- {{ include "operator.name" . }}.stackable.tech
93+
- spark.stackable.tech
8894
resources:
89-
- {{ include "operator.name" . }}clusters/status
95+
- sparkapplications/status
9096
verbs:
9197
- patch

deploy/helm/spark-k8s-operator/templates/spark-clusterrole.yaml

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
---
2+
apiVersion: rbac.authorization.k8s.io/v1
3+
kind: ClusterRole
4+
metadata:
5+
name: spark-driver-edit-role
6+
rules:
7+
- apiGroups: [""]
8+
resources: ["pods", "services", "configmaps"]
9+
verbs: ["get", "list", "watch", "create", "delete"]
10+
- apiGroups:
11+
- ""
12+
resources:
13+
- persistentvolumeclaims
14+
verbs:
15+
- list

deploy/helm/spark-operator/.helmignore

Lines changed: 0 additions & 28 deletions
This file was deleted.

deploy/helm/spark-operator/Chart.yaml

Lines changed: 0 additions & 10 deletions
This file was deleted.

deploy/helm/spark-operator/README.md

Lines changed: 0 additions & 33 deletions
This file was deleted.

0 commit comments

Comments
 (0)