Feature: Need support for IRSA for spark-infrastructure helm charts #502

Open
1 task
jocobtt opened this issue Dec 11, 2024 · 0 comments
Labels
enhancement New feature or request

jocobtt commented Dec 11, 2024

Description

Currently, the Spark-Infrastructure Helm charts constrain downstream consumers to using an IAM user for authentication to read/write from S3 buckets. This limitation restricts flexibility, compromises security, and increases the operational burden for deploying workloads in environments where IAM users may not be ideal. Instead, IAM Roles for Service Accounts (IRSA) provide a more secure and manageable alternative for authentication.

Can we potentially add support for IRSA by including the option to configure a service account in the following charts within the spark-infrastructure helm chart:

  • Thrift Server chart
  • Spark-History chart

Why This is Needed:

In previous versions of these charts, it was straightforward to add service account configurations by editing the manifests in the local templates folder. However, now that the charts are being consumed downstream, modifying the manifests directly is no longer feasible. To enable IRSA support, we as a downstream consumer currently rely on Kustomize patches to add the necessary service account configurations to the helm charts.

Native IRSA support in the Helm charts would simplify integration, reduce operational overhead, and align with standard Kubernetes patterns for AWS authentication.

DOD

Acceptance criteria required to realize the requested feature

  • IRSA authentication mechanism supported for spark-infrastructure helm charts

Test Strategy/Script

When IRSA authentication is enabled in a project's values.yaml file with the necessary IAM role annotation, the system should:

  1. Properly authenticate using the assigned IAM role.
  2. Successfully read/write to S3 buckets associated with Spark-Infrastructure workloads.

References/Additional Context

@jocobtt jocobtt added the enhancement New feature or request label Dec 11, 2024
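
A pod-side check for the test strategy in the issue above, as an added example that is not part of the original issue or the project's code: it inspects a pod's environment and projected service account token to confirm the workload is wired for IRSA and that no IAM user keys remain. The namespace `spark`, service account `thrift-server`, role ARN and sample token are constructed placeholders.

```python
import base64
import json

# Variables the EKS pod identity webhook injects for IRSA, and the
# static-key variables an IAM-user setup relies on.
IRSA_VARS = ("AWS_ROLE_ARN", "AWS_WEB_IDENTITY_TOKEN_FILE")
STATIC_VARS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")


def jwt_claims(token):
    """Decode the (unverified) payload of a projected service account token."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_irsa(env, token, namespace, service_account):
    """Return a list of findings; an empty list means the pod looks IRSA-only."""
    findings = []
    for var in IRSA_VARS:
        if not env.get(var):
            findings.append(f"{var} not set: service account lacks the role annotation")
    for var in STATIC_VARS:
        if env.get(var):
            findings.append(f"{var} is set: IAM user keys are still present")
    claims = jwt_claims(token)
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if "sts.amazonaws.com" not in aud:
        findings.append(f"token audience {aud} does not include sts.amazonaws.com")
    expected = f"system:serviceaccount:{namespace}:{service_account}"
    if claims.get("sub") != expected:
        findings.append(f"token subject {claims.get('sub')!r} != {expected!r}")
    return findings


def make_token(claims):
    """Build an unsigned sample token (constructed test data, not a credential)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample input: namespace, service account and role ARN are placeholders.
SAMPLE_TOKEN = make_token({"aud": ["sts.amazonaws.com"],
                           "sub": "system:serviceaccount:spark:thrift-server"})
SAMPLE_ENV = {"AWS_ROLE_ARN": "arn:aws:iam::111122223333:role/example-spark-s3",
              "AWS_WEB_IDENTITY_TOKEN_FILE": "/var/run/secrets/eks.amazonaws.com/serviceaccount/token"}

if __name__ == "__main__":
    print(check_irsa(SAMPLE_ENV, SAMPLE_TOKEN, "spark", "thrift-server") or "IRSA-only")
```

Inside a running pod, pass `dict(os.environ)` and the contents of the file named by `AWS_WEB_IDENTITY_TOKEN_FILE`; the token payload is decoded for inspection only and its signature is not verified.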