From 359792274c5517e0a65a08ca20a84511da3a68f2 Mon Sep 17 00:00:00 2001 From: Andrew Kenworthy Date: Fri, 12 Dec 2025 13:59:44 +0100 Subject: [PATCH 1/4] add permission to inspect (listener) custom resources for topology-provider --- deploy/helm/hdfs-operator/templates/roles.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/deploy/helm/hdfs-operator/templates/roles.yaml b/deploy/helm/hdfs-operator/templates/roles.yaml index 6d4583c7..87330fea 100644 --- a/deploy/helm/hdfs-operator/templates/roles.yaml +++ b/deploy/helm/hdfs-operator/templates/roles.yaml @@ -213,3 +213,10 @@ rules: verbs: - get - list + # needed to query the crd version (v1alpha1 etc.) before fetching listeners + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get From 4f037002200e2ee9c170c7a9c632abd0aa55781b Mon Sep 17 00:00:00 2001 From: Andrew Kenworthy Date: Wed, 17 Dec 2025 15:26:14 +0100 Subject: [PATCH 2/4] add permission for pod informer --- deploy/helm/hdfs-operator/templates/roles.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deploy/helm/hdfs-operator/templates/roles.yaml b/deploy/helm/hdfs-operator/templates/roles.yaml index 87330fea..dda8a961 100644 --- a/deploy/helm/hdfs-operator/templates/roles.yaml +++ b/deploy/helm/hdfs-operator/templates/roles.yaml @@ -206,6 +206,8 @@ rules: verbs: - get - list + # needed for pod informer + - watch - apiGroups: - listeners.stackable.tech resources: From ebf7ba3ed8e21d768441ee071285b212700dd43d Mon Sep 17 00:00:00 2001 From: Andrew Kenworthy Date: Wed, 17 Dec 2025 18:38:46 +0100 Subject: [PATCH 3/4] updated docs --- .../hdfs/pages/usage-guide/operations/rack-awareness.adoc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/modules/hdfs/pages/usage-guide/operations/rack-awareness.adoc b/docs/modules/hdfs/pages/usage-guide/operations/rack-awareness.adoc index 057032d6..10187338 100644 --- a/docs/modules/hdfs/pages/usage-guide/operations/rack-awareness.adoc +++ b/docs/modules/hdfs/pages/usage-guide/operations/rack-awareness.adoc @@ -1,6 +1,6 @@ = HDFS Rack Awareness :rack-awareness-docs: https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/RackAwareness.html -:hdfs-topology-provider: https://github.com/stackabletech/hdfs-topology-provider +:hdfs-topology-provider: https://github.com/stackabletech/hdfs-utils/blob/main/src/main/java/tech/stackable/hadoop/StackableTopologyProvider.java {rack-awareness-docs}[Rack awareness] is a feature in Apache Hadoop that allows users to define a cluster's node topology. Hadoop uses that topology to distribute block replicas in a way that maximizes fault tolerance. @@ -35,3 +35,7 @@ This creates an internal topology label by combining the values of the `topology In order to enable gathering this information the Hadoop images contain the {hdfs-topology-provider}[hdfs-topology-provider] on the classpath, which can be configured to read labels from Kubernetes objects. The operator deploys ClusterRoles and ServicesAccounts with the relevant RBAC rules to allow the Hadoop Pod to access the necessary Kubernetes objects. +Topologies and other metadata such as Node- and Pod-IPs and endpoints are held in separate caches so that they can be refeshed independently of one another. +The {hdfs-topology-provider}[hdfs-topology-provider] is namespace-scoped and pods in the active namespace are watched so that changes can be propagated to the internal cache to minimise cache misses. + +NOTE: Rack awareness will not work on clusters such as `kind` or `k3s` that configure IP-masquerading differently to production-ready distributions. \ No newline at end of file From e2b515460d82c46202bb213f87095032a38e285a Mon Sep 17 00:00:00 2001 From: Andrew Kenworthy Date: Wed, 17 Dec 2025 18:47:02 +0100 Subject: [PATCH 4/4] changelog --- CHANGELOG.md | 6 ++++++ .../hdfs/pages/usage-guide/operations/rack-awareness.adoc | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 775a1bea..2a1858f5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file. ## [Unreleased] +### Added + +- Added permissions required by Topology Provider ([#738]). + +[#738]: https://github.com/stackabletech/hdfs-operator/pull/738 + ## [25.11.0] - 2025-11-07 ## [25.11.0-rc1] - 2025-11-06 diff --git a/docs/modules/hdfs/pages/usage-guide/operations/rack-awareness.adoc b/docs/modules/hdfs/pages/usage-guide/operations/rack-awareness.adoc index 10187338..671dc55d 100644 --- a/docs/modules/hdfs/pages/usage-guide/operations/rack-awareness.adoc +++ b/docs/modules/hdfs/pages/usage-guide/operations/rack-awareness.adoc @@ -38,4 +38,4 @@ The operator deploys ClusterRoles and ServicesAccounts with the relevant RBAC ru Topologies and other metadata such as Node- and Pod-IPs and endpoints are held in separate caches so that they can be refeshed independently of one another. The {hdfs-topology-provider}[hdfs-topology-provider] is namespace-scoped and pods in the active namespace are watched so that changes can be propagated to the internal cache to minimise cache misses. -NOTE: Rack awareness will not work on clusters such as `kind` or `k3s` that configure IP-masquerading differently to production-ready distributions. \ No newline at end of file +NOTE: Rack awareness will not work on clusters such as `kind` or `k3s` that configure IP-masquerading differently to production-ready distributions.