Posted to issues@yunikorn.apache.org by "Craig Condit (Jira)" <ji...@apache.org> on 2022/03/09 20:33:00 UTC
[jira] [Commented] (YUNIKORN-997) assess Kubernetes role requirement
[ https://issues.apache.org/jira/browse/YUNIKORN-997?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17503830#comment-17503830 ]
Craig Condit commented on YUNIKORN-997:
---------------------------------------
Added PR which implements fine-grained access control for YuniKorn.
> assess Kubernetes role requirement
> ----------------------------------
>
> Key: YUNIKORN-997
> URL: https://issues.apache.org/jira/browse/YUNIKORN-997
> Project: Apache YuniKorn
> Issue Type: Improvement
> Components: shim - kubernetes
> Reporter: Wilfred Spiegelenburg
> Assignee: Craig Condit
> Priority: Major
> Labels: pull-request-available
>
> Currently we run with cluster-admin privileges. That is really broad. Kubernetes has more limited roles called {{system:kube-scheduler}} and {{system:volume-scheduler}}. Those roles are assigned to the default scheduler.
> These roles will not fit for us as we do a little more than the default scheduler when it comes down to placeholder pods.
> We need to assess if we can drop as many privileges as possible and not run with cluster admin role.