Che-Kuang Chu created SUBMARINE-953:
---------------------------------------
Summary: Submarine-server shouldn't create persistentVolume
manually for notebook
Key: SUBMARINE-953
URL: https://issues.apache.org/jira/browse/SUBMARINE-953
Project: Apache Submarine
Issue Type: Bug
Reporter: Che-Kuang Chu
Assignee: Che-Kuang Chu
Source:
[https://github.com/apache/submarine/blob/72be805fc4672f7f29c96cca95e16d59358d4dd2/submarine-server/server-submitter/submitter-k8s/src/main/java/org/apache/submarine/server/submitter/k8s/K8sSubmitter.java#L379]
We can find out that when we create a notebook custom resource, the server will
manually create the persistent volume for it.
However, this made submarine-server has to grant access to persistent volume
resources, which lead to setting cluster roles for the server.
([https://github.com/apache/submarine/blob/72be805fc4/helm-charts/submarine/templates/rbac.yaml#L61)]
Since the server is in namespace scope, giving it cluster roles is
inappropriate. Besides, this makes multi-tenancy more difficult.
To fix the bug, we can create a *storage class* to dynamically provision
persistent volumes, and submarine-server will only need to deal with persistent
volume claim.
Todos:
* add storageClass
* add persistentVolumeClaim spec to submarine-server
* remove submarine-server createPersistentVolume
* replace clutserrolebinding to rolebinding
* replace clusterrole to role
Ref:
* storage class:
[https://kubernetes.io/docs/concepts/storage/storage-classes/#local]
* notebook-cr spec: [https://www.kubeflow.org/docs/reference/notebook/v1/]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
