auto_register_spark_ui_deployment.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: auto-register-spark-ui-sa
  namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: service-listener-clusterrole
rules:
- apiGroups: [""]
  resources: ["services"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["networking.k8s.io"]
  resources: ["ingresses"]
  verbs: ["create", "get", "list", "watch", "update", "patch", "delete"]
- apiGroups: [""] #needed for accessing the secret with list of username/password as created with htpasswd
  resources: ["secrets"]
  resourceNames: ["spark-ui-auth"] # change the secret name to the one you created
  verbs: ["get"]
# Uncomment the following lines if you use Traefik as ingress controller
# - apiGroups: ["traefik.io"]
#   resources: ["middlewares"]
#   verbs: ["create", "get", "list", "watch", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: service-listener-clusterrolebinding
subjects:
- kind: ServiceAccount
  name: auto-register-spark-ui-sa
  namespace: default
roleRef:
  kind: ClusterRole
  name: service-listener-clusterrole
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: auto-register-k8s-spark-ui
  labels:
    app: auto-register-k8s-spark-ui
spec:
  replicas: 1  # Number of replicas
  selector:
    matchLabels:
      app: auto-register-k8s-spark-ui
  template:
    metadata:
      labels:
        app: auto-register-k8s-spark-ui
    spec:
      serviceAccountName: auto-register-spark-ui-sa
      containers:
        - name: auto-register-k8s-spark-ui
          image: lmouhib/auto-register-spark-ui-k8s:0.0.3
          securityContext:
            runAsUser: 1000
            runAsGroup: 3000
            allowPrivilegeEscalation: false
            capabilities:
              drop:
              - ALL
            readOnlyRootFilesystem: true
          env:
            - name: SPARK_LABEL_SERVICE_SELECTOR #default spark-app-selector, the label that is used to select the service
              value: "spark-app-selector"
            - name: SPARK_NAMESPACE #default default
              value: "default"
            - name: NAMESPACED_INGRESS_PATH #default false, no namespace is prefixed to path
              value: "false"
            - name: INGRESS_NAME #default spark-ui-ingress
              value: "spark-ui-ingress"
            - name: AUTHENTICATION_SETUP #No authentication is setup at proxy
              value: "spark-ui-auth"
            - name: INGRESS_TYPE #default NGINX
              value: "traefik"
          resources:
            requests:
              memory: "64Mi"
              cpu: "250m"
            limits:
              memory: "128Mi"
              cpu: "500m"