You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@yunikorn.apache.org by "Peter Bacsko (Jira)" <ji...@apache.org> on 2022/09/06 11:23:00 UTC

[jira] [Created] (YUNIKORN-1306) [Umbrella] Enhanced user and group handling

Peter Bacsko created YUNIKORN-1306:
--------------------------------------

             Summary: [Umbrella] Enhanced user and group handling
                 Key: YUNIKORN-1306
                 URL: https://issues.apache.org/jira/browse/YUNIKORN-1306
             Project: Apache YuniKorn
          Issue Type: New Feature
          Components: shim - kubernetes
            Reporter: Peter Bacsko


Yunikorn needs a more secure and robust user/group handling.

Currently, the YK handles users is by using a label on the pod. However, this label can contain anything and no verification is performed by Yunikorn to make sure that the users are what the label say they are. 

The group support is also lacking. There is a lookup feature in the core, but that is very limited. It's an OS-based lookup similar to how Hadoop works, but YK runs inside a container. Determining which group a user belongs to is too late in the core.

Yunikorn needs to be able to lookup/detect the real user and group of the workload (be it a pod or a deployment, job, etc) plus provide backward compatibility because there are already solutions built on the existing label.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@yunikorn.apache.org
For additional commands, e-mail: issues-help@yunikorn.apache.org