warbaque
Reputation: 633
Prevent spark executors from accessing Mesos or ZooKeeper apis
Currently Spark on Mesos is run in cluster mode, Mesos/ZooKeeper doesn't have any access control, and executors are started on host network.
What would be the best practice for preventing spark executors from accessing mesos or zookeeper apis when running arbitary code?
- Run executors on overlay network and implement network policies?
- ACL for mesos/zookeeper?
- Something else?
Upvotes: 0
Views: 42
Answers (1)
janisz
Reputation: 6371
You should enable encryption and authentication in Mesos and Zookeeper. Then you configure ZK like this and in Mesos --zk=zk://username:password@host1:port1,host2:port2,.../path.
To enable authentication in Moses following theses instructions
Upvotes: 0
Related Questions
- Throttle concurrent HTTP requests from Spark executors
- Apache Spark: Limit number of executors used by Spark App
- Kill a single spark task
- Multiple spark executors with same spark.local.dir
- Running Spark on Mesos using --jars
- Spark cluster mode on Mesos: how to pass configuration to executor?
- Running a simple Spark script on Mesos with Zookeeper
- How to enable Spark mesos docker executor?
- access to spark, in a mesos cluster setup by dcos
- Spark Mesos Dispatcher