You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@submarine.apache.org by "Che-Kuang Chu (Jira)" <ji...@apache.org> on 2021/07/30 04:22:00 UTC

[jira] [Created] (SUBMARINE-953) Submarine-server shouldn't create persistentVolume manually for notebook

Che-Kuang Chu created SUBMARINE-953:
---------------------------------------

             Summary: Submarine-server shouldn't create persistentVolume manually for notebook
                 Key: SUBMARINE-953
                 URL: https://issues.apache.org/jira/browse/SUBMARINE-953
             Project: Apache Submarine
          Issue Type: Bug
            Reporter: Che-Kuang Chu
            Assignee: Che-Kuang Chu


Source: [https://github.com/apache/submarine/blob/72be805fc4672f7f29c96cca95e16d59358d4dd2/submarine-server/server-submitter/submitter-k8s/src/main/java/org/apache/submarine/server/submitter/k8s/K8sSubmitter.java#L379]

We can find out that when we create a notebook custom resource, the server will manually create the persistent volume for it.

However, this made submarine-server has to grant access to persistent volume resources, which lead to setting cluster roles for the server. ([https://github.com/apache/submarine/blob/72be805fc4/helm-charts/submarine/templates/rbac.yaml#L61)]

Since the server is in namespace scope, giving it cluster roles is inappropriate. Besides, this makes multi-tenancy more difficult.

To fix the bug, we can create a *storage class* to dynamically provision persistent volumes, and submarine-server will only need to deal with persistent volume claim.

Todos:
 * add storageClass
 * add persistentVolumeClaim spec to submarine-server
 * remove submarine-server createPersistentVolume
 * replace clutserrolebinding to rolebinding
 * replace clusterrole to role

Ref:
 * storage class: [https://kubernetes.io/docs/concepts/storage/storage-classes/#local]
 * notebook-cr spec: [https://www.kubeflow.org/docs/reference/notebook/v1/] 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@submarine.apache.org
For additional commands, e-mail: dev-help@submarine.apache.org