- Notifications
You must be signed in to change notification settings - Fork2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
[ZEPPELIN-6144] Add Helm chart for deploying Zeppelin on Kubernetes#4896
base:master
Are you sure you want to change the base?
Conversation
Signed-off-by: Yi Chen <github@chenyicn.net>
70e0979 todc4a8e8CompareSigned-off-by: Yi Chen <github@chenyicn.net>
Signed-off-by: Yi Chen <github@chenyicn.net>
Signed-off-by: Yi Chen <github@chenyicn.net>
Signed-off-by: Yi Chen <github@chenyicn.net>
Signed-off-by: Yi Chen <github@chenyicn.net>
Signed-off-by: Yi Chen <github@chenyicn.net>
Signed-off-by: Yi Chen <github@chenyicn.net>
Signed-off-by: Yi Chen <github@chenyicn.net>
Signed-off-by: Yi Chen <github@chenyicn.net>
Signed-off-by: Yi Chen <github@chenyicn.net>
Signed-off-by: Yi Chen <github@chenyicn.net>
Signed-off-by: Yi Chen <github@chenyicn.net>
| envFrom: | ||
| - configMapRef: | ||
| name: {{ include "zeppelin.envConfigMapName" . }} | ||
| volumeMounts: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Zeppelin also has a configuration directory where it stores the system state. When you restart pod, these files will be reset and return to their original state. It is necessary to provide the ability to use pvc to store configs
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
@Armadik Yes, you can configure the helm chart to mount a PVC to the server pod in order to persist config files likeshiro.ini andinterpreter.json.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
In my opinion, the shiro.ini should be mounted via ConfigMap just like the logging configuration.
Onlycredentials.json,interpreter.json andnotebook-authorization.json should be outsourced. This can be done withZEPPELIN_CONFIG_FS_DIR.
Other environment variables which should link to a pvc areZEPPELIN_NOTEBOOK_DIR andZEPPELIN_SEARCH_INDEX_PATH.
I currently use the following environment variables. The PVC is mounted under/data.
ZEPPELIN_CONFIG_FS_DIR=/data/zeppelin-configZEPPELIN_NOTEBOOK_DIR=/data/zeppelin-notebookZEPPELIN_SEARCH_INDEX_PATH=/data/lucene-indexSigned-off-by: Yi Chen <github@chenyicn.net>
@Reamer Please take a look again when you have time, thank you! We have already used this Helm chart in the production environment to do interactive analysis with Spark. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I just had a quick look at the change and left you a few comments. I'm more of a friend of Kustomize, but I also know that Helm is more powerful.
The changes definitely look much better than before with the dns and nginx.
| export ZEPPELIN_K8S_SERVICE_NAME={{ include "zeppelin.server.serviceName" . }} | ||
| export ZEPPELIN_K8S_SPARK_CONTAINER_IMAGE={{ include "zeppelin.interpreter.spark.image" . }} | ||
| zeppelin-site.xml: | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Please carry out a configuration on environment variables. This configuration is easier to understand and does not require an additional xsl file.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I think it would be better to provide both methods. One can choose to configure the Zeppelin conf withserver.conf or configure the environment variables withserver.env /server.envFrom value, and let users to choose whatever they like.
| # limitations under the License. | ||
| # | ||
| # | ||
| # [name] [maven artifact] [description] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
For which functionality is this file required?
| limitations under the License. | ||
| */ -}} | ||
| apiVersion: rbac.authorization.k8s.io/v1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Please note that Role, ServiceAccount and Role binding are only required for the Spark interpreter. How is this implemented?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
This logic is implemented ininterpreter-spec.yaml file, we will not mount the service account token except for the interpreter group name isspark, see :https://github.com/ChenYi015/zeppelin/blob/beea9837983b16e50e1be9ca56c49d828148ffeb/charts/zeppelin/templates/interpreter/configmap.yaml#L165-L170.
| {{ $key }} {{ $value }} | ||
| {{- end }} | ||
| driver-pod-template.yaml: | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
The driver pod is created directly by Zeppelin. I think this file has no effect on an already existing pod. Zeppelin starts the Driver Pod in client mode.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
You are right, the driver pod template will not take effect actually.
| {{- toYaml . | nindent 8 }} | ||
| {{- end }} | ||
| executor-pod-template.yaml: | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
This configuration could be used in the Spark driver. I have not yet tried such a template. I currently configure the executors and drivers via the Spark-Config.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Create the executor pod template file for that some fields of the executor pods (e.g. affinity, tolerations) cannot be configured using Spark configuration. Additionally, I believe it is more straightforward to configure the executor pods using a pod template rather than through Spark conf.
| # -- Security context for Zeppelin interpreter containers. | ||
| securityContext: | ||
| runAsNonRoot: true | ||
| runAsUser: 1000 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Please do not enter a fixed UID. Openshift, for example, uses a random UID by default.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I have not tried whether it can work with a random UID. The uid1000 comes from the zeppelin server Dockerfile, ref:
zeppelin/scripts/docker/zeppelin-server/Dockerfile
Lines 79 to 85 inb6e40d4
| USER 1000 | |
| EXPOSE 8080 | |
| ENTRYPOINT ["/usr/bin/tini","--" ] | |
| WORKDIR ${ZEPPELIN_HOME} | |
| CMD ["bin/zeppelin.sh"] |
What is this PR for?
A few sentences describing the overall goals of the pull request's commits.
First time? Check out the contributing guide -https://zeppelin.apache.org/contribution/contributions.html
What type of PR is it?
Feature
What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-6144
How should this be tested?
Screenshots (if appropriate)
Questions: