You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@heron.apache.org by GitBox <gi...@apache.org> on 2021/08/30 18:44:44 UTC

[GitHub] [incubator-heron] nicknezis commented on issue #3474: Kubernetes scheduler code should support setting a SecurityContext

nicknezis commented on issue #3474:
URL: https://github.com/apache/incubator-heron/issues/3474#issuecomment-908593378


   @surahman This has not been resolved yet. Although I believe Kubernetes support for Pod Security Policy may be deprecated and evolving to something else. I believe the Security Context is still worth supporting. I have had some further thoughts on this topic when comparing how other analytic frameworks have solved it. 
   
   I've created a [Project board](https://github.com/apache/incubator-heron/projects/5) to capture various Kubernetes Scheduler improvements I think we should make. Many of the designs mirror what the Apache Spark Kubernetes scheduler does. One of the tickets would solve this SecurityContext issue. Specifically the Pod Template feature in [this issue](https://github.com/apache/incubator-heron/issues/3707). If we provide support for Pod Templates, then this would provide a mechanism to provide complex Pod Security Context without needing to do extensive mapping from Config properties to Security Context.
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@heron.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org