[SPARK-15487] [Web UI] Spark Master UI to reverse proxy Application and Workers UI #13950
Conversation
|
This looks good and I really like this added functionality, I'll check out your code and give it a test run as soon as I have time. |
| <li><strong> | ||
| { | ||
| if (parent.master.reverseProxy) { | ||
| <a href={"/target/" + app.id + "/"}>Application Detail UI</a> |
There was a problem hiding this comment.
Should the "/target/" be a literal or a configuration value?
There was a problem hiding this comment.
By all means it can be a configuration value, but there were already some literal conventions eg. "app" so I thought of having it this way. But if community prefer the configured value, then I will add that.
|
@ajbozarth what are the steps ahead in terms of moving this pr closer to being merged. |
|
@srowen @zsxwing @tgravescs What do you guys think of @gurvindersingh proposal? |
| <tr> | ||
| <td><code>spark.ui.reverseProxyUrl</code></td> | ||
| <td>http://localhost:8080</td> | ||
| <td> |
|
overall proposal seems fine to me if its only affecting standalone mode where things are going through the master. It would be similar to the hadoop Yarn RM proxy although that was mostly for security reasons. You do need to make sure all the authentication and authorization stuff still applies |
|
@tgravescs Yeah the proposal is only for standalone mode where worker & application UI is accessed through master UI now. Looking at the authn/z settings for standalone, I don't see this patch interfere with any of those. The addFilters() function set the ui.filters for '/*' path so it will apply for this case too. Beyond this let me know if I miss anything. |
|
@tgravescs @ajbozarth any update on this PR ? |
|
I'll try and take a look at this tomorrow |
|
I think changing Overall LGTM though |
|
Changed the path from |
|
@ajbozarth ping on this.. |
|
LGTM, @tgravescs this ready to merge? |
|
@ajbozarth it seems @tgravescs is busy, is anybody else then who you think could help us in merging this. |
|
I'm trying to have nginx as reverse proxy for Spark dashboards which doesn't support app/driver logs now. Thank you @gurvindersingh . I will try this. |
|
@srowen @JoshRosen could we get some traction on this? Thanks! |
|
ok to test |
|
Test build #63232 has finished for PR 13950 at commit
|
| <artifactId>jetty-servlet</artifactId> | ||
| <scope>compile</scope> | ||
| </dependency> | ||
| <dependency> |
There was a problem hiding this comment.
These new dependencies need to be added to the copy-dependencies invocation later in this file.
|
Test build #64490 has finished for PR 13950 at commit
|
|
@ajbozarth @vanzin @JoshRosen it seems to be stalled, any update ? |
|
A few minor things. Looks ok, but I'd still like from someone who's more active in maintaining standalone mode to take a look. If there's no comments in a few days I'll push it after the comments are addressed. |
There was a problem hiding this comment.
Could you add a test for encoded string in the url, such as %2F, %F0%9F%98%84 (the 😄 emoji) ?
gurvindersingh
force-pushed
the
rproxy
branch
from
a524a8b to
407c1a0
Compare
|
@vanzin addressed all your comments and added two extra checks too in test as requested. Let me know if there are any more comments. |
|
Test build #65099 has finished for PR 13950 at commit
|
|
LGTM expect one nit! |
…nd restricting direct access to application UI
gurvindersingh
force-pushed
the
rproxy
branch
from
407c1a0 to
9f6862e
Compare
|
Test build #65112 has finished for PR 13950 at commit
|
|
LGTM. Merging to master! Thanks! |
9 participants
What changes were proposed in this pull request?
This pull request adds the functionality to enable accessing worker and application UI through master UI itself. Thus helps in accessing SparkUI when running spark cluster in closed networks e.g. Kubernetes. Cluster admin needs to expose only spark master UI and rest of the UIs can be in the private network, master UI will reverse proxy the connection request to corresponding resource. It adds the path for workers/application UIs as
WorkerUI: <http/https>://master-publicIP:/target/workerID/
ApplicationUI: <http/https>://master-publicIP:/target/appID/
This makes it easy for users to easily protect the Spark master cluster access by putting some reverse proxy e.g. https://github.com/bitly/oauth2_proxy
How was this patch tested?
The functionality has been tested manually and there is a unit test too for testing access to worker UI with reverse proxy address.
@pwendell @bomeng @BryanCutler can you please review it, thanks.