You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@heron.apache.org by GitBox <gi...@apache.org> on 2021/12/19 06:01:13 UTC
[GitHub] [incubator-heron] nicknezis commented on a change in pull request #3747: [Heron-3723] Add support for Empty Dir, Host Path, and NFS via CLI
nicknezis commented on a change in pull request #3747:
URL: https://github.com/apache/incubator-heron/pull/3747#discussion_r771901622
##########
File path: website2/docs/schedulers-k8s-execution-environment.md
##########
@@ -489,6 +470,235 @@ A `Volume` and a `Volume Mount` will be created for each `volume name` which you
<br>
+## Adding Empty Directory, Host Path, and Nework File System Volumes via the Command-line Interface
+
+<br>
+
+> This section demonstrates how you can specify configurations for `Empty Dir`, `Host Path`, and `NFS` volumes via the Command Line Interface during the submit process.
+
+<br/>
+
+It is possible to allocate and configure Volumes with Pod Templates but the CLI commands extend this to being able to specify Volumes at submission time.
+
+<br>
+
+> ***System Administrators:***
+>
+> * You may wish to disable the ability to configure Volume configurations specified via the CLI. To achieve this, you must pass the define option `-D heron.kubernetes.volume.from.cli.disabled=true`to the Heron API Server on the command line when launching. This command has been added to the Kubernetes configuration files to deploy the Heron API Server and is set to `false` by default.
+> * ⚠ ***WARNING*** ⚠ `Host Path` volumes have inherent [security concerns](https://kubernetes.io/docs/concepts/storage/volumes/#hostpath). `Host Path`s can breach the containment provided by containerisation and should be exclusively used with volume mounts set to `read-only`, with usage limited to testing and development environments.
Review comment:
```suggestion
> * ⚠ ***WARNING*** ⚠ `Host Path` volumes have inherent [security concerns](https://kubernetes.io/docs/concepts/storage/volumes/#hostpath). `Host Path`s can breach the containment provided by containerization and should be exclusively used with volume mounts set to `read-only`, with usage limited to testing and development environments.
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@heron.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org