K
Q

the trustAnchors parameter must be non-empty when submitting spark job to k8s

1/8/2019

I am following https://spark.apache.org/docs/2.3.1/running-on-kubernetes.html. I run ./bin/spark-submit --class com.poc.Job --master k8s://10.189.176.130:6443 --deploy-mode cluster --conf spark.kubernetes.container.image=cr.vip.com/me/test:latest --conf spark.kubernetes.driver.pod.name=spark-job-driver --driver-java-options "-Djavax.net.ssl.trustStore=/usr/jdk1.8.0_131/jre/lib/security/cacerts" local:///opt/spark/examples/spark-streaming-1.0-SNAPSHOT-jar-with-dependencies.jar --batch-interval 10 --job-type TEST --consumer-brokers xxx --consumer-topic yyy --group-id zzz --client-id 50e3bf9 --es-index items --es-type json --param spark.cores.max=3 spark.es.nodes=10.23.12.2 spark.es.port=9200 spark.es.index.auto.create=true > log.txt to submit the spark job to k8s cluster.

I got Env variables of the driver pod:

Environment variables:
SPARK_DRIVER_MEMORY: 1g
SPARK_DRIVER_CLASS: com.poc.Job
SPARK_DRIVER_ARGS: --batch-interval 10 --job-type TEST --consumer-brokers xxx --consumer-topic yyy --group-id zzz --client-id 7150e3bf9 --es-index items --es-type json --param spark.cores.max=3 spark.es.nodes=10.23.12.2 spark.es.port=9200 spark.es.index.auto.create=true
SPARK_DRIVER_BIND_ADDRESS: (v1:status.podIP)
SPARK_MOUNTED_CLASSPATH: /opt/spark/examples/spark-streaming-1.0-SNAPSHOT-jar-with-dependencies.jar:/opt/spark/examples/spark-streaming-1.0-SNAPSHOT-jar-with-dependencies.jar
SPARK_JAVA_OPT_0: -Dspark.driver.host=spark-1546966297642-driver-svc.default.svc
SPARK_JAVA_OPT_1: -Dspark.submit.deployMode=cluster
SPARK_JAVA_OPT_2: -Dspark.driver.blockManager.port=7079
...
SPARK_JAVA_OPT_11: -Djavax.net.ssl.trustStore=/usr/jdk1.8.0_131/jre/lib/security/cacerts

I modified the docker file. And there is /usr/jdk1.8.0_131/jre/lib/security/cacerts in the docker image:

bash-4.4# cd /usr/jdk1.8.0_131/jre/lib/security/
bash-4.4# ls -al
total 124
drwxr-xr-x    2 root     root          4096 Jan  8 16:44 .
drwxr-xr-x    3 root     root          4096 Jan  8 16:44 ..
-rw-r--r--    1 root     root        116377 Jan  8 14:25 cacerts

But I got the following error:

Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1921)
    at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1904)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1420)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1334)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1309)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:259)

Why? Any comments welcomed. Thanks

-- BAE
apache-spark
docker
java
kubernetes
scala

Similar Questions

Cannot connect to Postgres deployed to Kubernetes
How to find url of exposed service in kubernetes dashboard?
kubernetes pod name to be used as argument
What is the best practice for overriding values in helm subcharts on a per-cluster basis?
How to configure a ClusterRole for namespaced resources
deployment registry service by kubernetes but registry service make Connection refused error

0 Answers