You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@yunikorn.apache.org by "Weiwei Yang (Jira)" <ji...@apache.org> on 2021/05/11 22:26:00 UTC
[jira] [Resolved] (YUNIKORN-658) default user should not be nobody
[ https://issues.apache.org/jira/browse/YUNIKORN-658?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Weiwei Yang resolved YUNIKORN-658.
----------------------------------
Fix Version/s: 0.11
Assignee: Amit Sharma
Resolution: Won't Fix
> default user should not be nobody
> ---------------------------------
>
> Key: YUNIKORN-658
> URL: https://issues.apache.org/jira/browse/YUNIKORN-658
> Project: Apache YuniKorn
> Issue Type: Sub-task
> Reporter: Wilfred Spiegelenburg
> Assignee: Amit Sharma
> Priority: Blocker
> Fix For: 0.11
>
>
> In YUNIKORN-650 the possibility to read a label from a pod was introduced to specify a user for the pod. Allowing a label to specify the user is in itself not an issue. The side effects of doing this could be an issue:
> # default behaviour has been changed without documenting it has, this change breaks existing deployments which rely on the old behaviour
> # the current behaviour is to default to the ServiceAccountName for the pod. This value is always set. The new default is the user nobody as the label is not set.
> # ACLs cannot be relied on anymore in any current deployment due to the default change.
> # ACLs can always be bypassed as there is nothing that limits what can be set in the labels, this should be at least announced and documented clearly.
> We should default to the old behaviour and only override with the label if the \{{userLabelKey}} parameter is explicitly set on startup. The default config should *not* set the value.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@yunikorn.apache.org
For additional commands, e-mail: issues-help@yunikorn.apache.org