You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@yunikorn.apache.org by "Peter Bacsko (Jira)" <ji...@apache.org> on 2022/11/09 13:07:00 UTC

[jira] [Commented] (YUNIKORN-1374) [shim] use the parent's user-group info if the pod has an ownerReference defined

    [ https://issues.apache.org/jira/browse/YUNIKORN-1374?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17631061#comment-17631061 ] 

Peter Bacsko commented on YUNIKORN-1374:
----------------------------------------

cc [~wilfreds] [~manirajv06@gmail.com]

I recorded this ticket after checking the behavior of Spark on K8s.

I analyzed whether this is needed or not and my conclusion is that it's not. Looking at Mani's PRs about user tracking (https://github.com/apache/yunikorn-core/pull/441/), it seems to me that the user information is created only once and stored inside the {{Application}} object. As long as newly created pods have proper application ID labels, there's no need to mess around with owner references, because all that matters is that who owned very first pod (aka the "originator"). (https://github.com/apache/yunikorn-core/blob/26354d6b56e464e352eef0d0fc96ccb99394e69b/pkg/scheduler/context.go#L521).

Is this correct?


> [shim] use the parent's user-group info if the pod has an ownerReference defined
> --------------------------------------------------------------------------------
>
>                 Key: YUNIKORN-1374
>                 URL: https://issues.apache.org/jira/browse/YUNIKORN-1374
>             Project: Apache YuniKorn
>          Issue Type: Sub-task
>          Components: shim - kubernetes
>            Reporter: Peter Bacsko
>            Assignee: Peter Bacsko
>            Priority: Major
>
> Certain workloads submit further pods from within the cluster.
> For example, the driver pod startved by {{spark-submit}} belongs to the user who authenticated externally. Subsequent executor pods, however, will be started by the driver pod from a service account which is defined in the command line.
> In order to properly track resource usage, we need to check if there is {{OwnerReference}} set for a given pod. If it is, then we need to look up the existing pod/application and replace the user and group info. This also ensures that placeholders are handled properly, too.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@yunikorn.apache.org
For additional commands, e-mail: issues-help@yunikorn.apache.org