Kubernetes Resources¶

The Ververica Platform creates various Kubernetes resources to support Apache Flink® clusters. For example, Kubernetes jobs, deployments, and services are used to run and expose the JobManagers and TaskManagers.

The Kubernetes pods that back these resources can be configured via simplified pod options or full-fledged pod templates.

Overview ¶

The Kubernetes resources created for a Flink cluster can be customized as part of the kubernetes section.

kind: SessionCluster
spec:
  kubernetes:
    labels: <Map<String, String>>
    pods: <KubernetesPodOptions>
    jobManagerPodTemplate: <V1PodTemplateSpec>
    taskManagerPodTemplate: <V1PodTemplateSpec>

The labels attribute allows specifying additional labels to the Kubernetes deployments, jobs, and services created for Flink clusters, with precedence given to system-defined labels.

The pods attribute allows customization of common Kubernetes options that apply to both JobManager and TaskManager pods.

The jobManagerPodTemplate and taskManagerPodTemplate allow you to individually customize the JobManager and/or TaskManager pods with full flexibility by exposing the Kubernetes V1PodTemplateSpec API object.

In both cases, the attributes you specify will be merged with the system configuration.

Note

It is only possible to either specify the pods attribute or the jobManagerPodTemplate and taskManagerPodTemplate attributes.

Kubernetes Pod Options ¶

User-provided Kubernetes pod options under pods apply to both the JobManager and TaskManager pods and expose common configuration options.

kind: SessionCluster
spec:
  kubernetes:
    pods:
      annotations:
        key: value
      labels:
        key: value
      nodeSelector:
        key: value
      affinity: <V1Affinity>
      tolerations:
          - <V1Toleration>
          imagePullSecrets:
          - name: secretName
          volumeMounts:
          - name: volumeAndMountName
            volume: <V1Volume>
            volumeMount: <V1VolumeMount>
          envVars:
          - name: envVarName
            value: envVarValue
            valueFrom: <V1EnvVarSource>
          securityContext: <V1PodSecurityContext>

Kubernetes API objects such as V1Volume are only validated lazily at Flink cluster creation time.

Annotations ¶

The annotations configured as part of the Kubernetes options are added to the annotations of the created JobManager and TaskManager pods.

kind: SessionCluster
spec:
  kubernetes:
    pods:
      annotations:
        key: value

All provided annotations are subject to the restrictions enforced by the Kubernetes API.

Labels ¶

The labels configured as part of the Kubernetes options are added to the labels of the created JobManager and TaskManager pods.

kind: SessionCluster
spec:
  kubernetes:
    pods:
      labels:
        key: value

All provided labels are subject to the restrictions enforced by the Kubernetes API.

Note

The labels app, component, deploymentId, deploymentName, jobId, system, sessionClusterId, sessionClusterName, and vvpNamespace are reserved by Ververica Platform.

Node Selector ¶

The node selector configured as part of the Kubernetes options is added to the node selector of the created JobManager and TaskManager pods.

kind: SessionCluster
spec:
  kubernetes:
    pods:
      nodeSelector:
        key: value

Affinity ¶

The affinity configured as part of the Kubernetes options is added set as the affinity of the created JobManager and TaskManager pods.

kind: SessionCluster
spec:
  kubernetes:
    pods:
      affinity: <V1Affinity>

V1Affinity refers to the respective Kubernetes API object. Kubernetes API objects such as V1Affinity are only validated lazily at Flink cluster creation time.

Tolerations ¶

The tolerations configured as part of the Kubernetes options are added to the tolerations of the created JobManager and TaskManager pods.

kind: SessionCluster
spec:
  kubernetes:
    pods:
      tolerations:
      - <V1Toleration>

V1Toleration refers to the respective Kubernetes API object. Kubernetes API objects such as V1Toleration are only validated lazily at Flink cluster creation time.

Image Pull Secrets ¶

The image pull secrets configured as part of the Kubernetes options are added to the image pull secrets of the created JobManager and TaskManager pods.

kind: SessionCluster
spec:
  kubernetes:
    pods:
      imagePullSecrets:
      - name: secretName

All provided secret names are subject to the restrictions enforced by the Kubernetes API. If a referenced secret does not exist, the Flink cluster will fail to start.

Volume Mounts ¶

The volume and volume mount configured as part of the Kubernetes options are added to the volumes of the created JobManager and TaskManager pods and mounted in the respective Flink containers.

kind: SessionCluster
spec:
  kubernetes:
    pods:
      volumeMounts:
      - name: volumeAndMountName
        volume: <V1Volume>
        volumeMount: <V1VolumeMount>

V1Volume refers to the respective Kubernetes API object. V1VolumeMount refers to the respective Kubernetes API object.

Kubernetes API objects such as V1Volume or V1VolumeMount are only validated lazily at Flink cluster creation time. The name of the configured volume and volume mount must match the provided volumeAndMountName.

Example: Mounting a Secret ¶

kind: SessionCluster
spec:
  kubernetes:
    pods:
      volumeMounts:
      - name: my-secret
        volume:
          name: my-secret
          secret:
            secretName: my-secret
        volumeMount:
          name: my-secret
              mountPath: /var/run/secrets/some-secret

Environment Variables ¶

The environment variables configured as part of the Kubernetes options are added to the environment variables of the JobManager and TaskManager containers.

kind: SessionCluster
spec:
  kubernetes:
    pods:
      envVars:
      - name: envVarName
        value: envVarValue
        valueFrom: <V1EnvVarSource>

You can either configure value directly or a V1EnvVarSource. Kubernetes API objects such as V1EnvVarSource are only validated lazily at Flink cluster creation time. If a referenced environment variable source does not exist, the Flink cluster will fail to start.

Example: Setting Environment Variables ¶

kind: SessionCluster
spec:
  kubernetes:
    pods:
      envVars:
        - name: ENV
          value: testing
        - name: POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP

Pod Security Context ¶

The security context configured as part of the Kubernetes options is set as the security contet of the created JobManager and TaskManager pods.

kind: SessionCluster
spec:
  kubernetes:
    pods:
      securityContext: <V1PodSecurityContext>

V1PodSecurityContext refers to the respective Kubernetes API object. Kubernetes API objects such as V1PodSecurityContext are only validated lazily at Flink cluster creation time.

Flink Pod Templates (Recommended)¶

User-provided Kubernetes pod templates under jobManagerPodTemplate and taskManagerPodTemplate apply to the JobManager and TaskManager pods individually and provide full flexibility by exposing the complete V1PodTemplateSpec API.

kind: SessionCluster
spec:
  kubernetes:
    jobManagerPodTemplate: <V1PodTemplateSpec>
    taskManagerPodTemplate: <V1PodTemplateSpec>

The templates are used by Ververica Platform during deployment of Flink clusters. System-level configuration is applied on top of the user-provided templates.

Overall correctness of the resulting pod specs is only validated lazily at Flink cluster creation time, but each provided V1PodTemplateSpec is validated eagerly for structural correctness.

Container Names ¶

Flink clusters launched by Ververica Platform for SessionClusters create two pods, one for the JobManager and one for the TaskManager. The following containers are executed as part of the pods.

Container Name	Container Type	Pod	Description
`flink-jobmanager`	Container	JobManager	Flink JobManager process.
`flink-taskmanager`	Container	TaskManager	Flink TaskManager process.
`result-fetcher`	Container (Sidecar)	JobManager	Serve results for SQL previews.

In order to modify the configuration of these containers, you have to include them in the provided pod templates. The configuration is subject to the merge rules outlined below.

Merge Rules and System Reserved Fields ¶

Some attributes provided as part of the pod templates cannot be overwritten by user-provided options. The following table describes how user-provided options are merged.

The rules for containers only apply to containers named flink-jobmanager, flink-taskmanager, and result-fetcher.

Field Path	Merge Strategy
`metadata.labels`	Add (system has precedence for conflicting names)
`spec.containers[].args`	Replace with user-provided value
`spec.containers[].env`	Add (system has precedence for conflicting names)
`spec.containers[].envFrom`	Add (system has precedence for conflicting names)
`spec.containers[].image`	Replace with user-provided value
`spec.containers[].imagePullPolicy`	Replace with user-provided value
`spec.containers[].ports`	Add (system has precedence for conflicting names)
`spec.containers[].resources`	Merge with system-provided resources (user has precedence)
`spec.containers[].terminationMessagePath`	Ignore user-provided value
`spec.containers[].terminationMessagePolicy`	Ignore user-provided value
`spec.containers[].volumeMounts`	Add (system has precedence for conflicting names)
`spec.serviceAccountName`	Replace with user-provided value (see also required permissions for `vvp-kubernetes` high-availability)
`spec.volumes`	Add (system has precedence for conflicting names)

All omitted fields are fully configurable.

Note

You can set validation of non empty spec.serviceAccountName with the global setting vvp.accessControl.serviceAccountNameEnforcementEnabled=true. SessionCluster should have spec.serviceAccountName defined in jobManagerPodTemplate and taskManagerPodTemplate. Validation requires format session-${namespace}-${sessionClusterName}.

Examples ¶

Add Pod Labels ¶

The following example adds a env: testing label to all pods.

kind: Deployment
spec:
template:
  spec:
    kubernetes:
      jobManagerPodTemplate:
        metadata:
          labels:
            env: testing
      taskManagerPodTemplate:
        metadata:
          labels:
            env: testing

Set Image Pull Policy ¶

The following example sets imagePullPolicy: IfNotPresent for all containers.

kind: Deployment
spec:
template:
  spec:
    kubernetes:
      jobManagerPodTemplate:
        spec:
          containers:
          - name: flink-jobmanager
            imagePullPolicy: IfNotPresent:
          - name: result-fetcher
            imagePullPolicy: IfNotPresent
      taskManagerPodTemplate:
        spec:
          containers:
          - name: flink-taskmanager
            imagePullPolicy: IfNotPresent
          - name: result-fetcher
            imagePullPolicy: IfNotPresent

Add Sidecar Containers ¶

The following example adds an additional sidecar container named my-logging-sidecar to both the JobManager and TaskManager pods.

kind: SessionCluster
spec:
  kubernetes:
    jobManagerPodTemplate:
      spec:
        containers:
        - name: my-logging-sidecar
          image: registry.acme.org/logging:3.2.1
    taskManagerPodTemplate:
      spec:
        containers:
        - name: my-logging-sidecar
              image: registry.acme.org/logging:3.2.1

Request Ephemeral TaskManager Storage ¶

The following example requests ephemeral storage for TaskManager containers.

kind: SessionCluster
spec:
  kubernetes:
    taskManagerPodTemplate:
      spec:
        containers:
        - name: flink-taskmanager
          resources:
            requests:
              ephemeral-storage: "2Gi"
            limits:
              ephemeral-storage: "4Gi"