You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@yunikorn.apache.org by "Craig Condit (Jira)" <ji...@apache.org> on 2022/03/09 20:33:00 UTC

[jira] [Updated] (YUNIKORN-997) Use K8s fine-grained access control for YuniKorn scheduler

     [ https://issues.apache.org/jira/browse/YUNIKORN-997?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Craig Condit updated YUNIKORN-997:
----------------------------------
    Summary: Use K8s fine-grained access control for YuniKorn scheduler  (was: assess Kubernetes role requirement)

> Use K8s fine-grained access control for YuniKorn scheduler
> ----------------------------------------------------------
>
>                 Key: YUNIKORN-997
>                 URL: https://issues.apache.org/jira/browse/YUNIKORN-997
>             Project: Apache YuniKorn
>          Issue Type: Improvement
>          Components: shim - kubernetes
>            Reporter: Wilfred Spiegelenburg
>            Assignee: Craig Condit
>            Priority: Major
>              Labels: pull-request-available
>
> Currently we run with cluster-admin privileges. That is really broad. Kubernetes has more limited roles called {{system:kube-scheduler}} and {{{}system:volume-scheduler{}}}. Those roles are assigned to the default scheduler.
> These roles will not fit for us as we do a little more than the default scheduler when it comes down to placeholder pods.
> We need to assess if we can drop as many privileges as possible and not run with cluster admin role. 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@yunikorn.apache.org
For additional commands, e-mail: issues-help@yunikorn.apache.org