I force my users to runAsUser their user ID in order to access storage (enforced by OPA policy) and maintain POSIX compliance. I put the responsibility of being able to run as non-root on the container creator. I feel like this is growing as a standard to run as non-root for things that aren't system level operators in k8s. If they aren't accessing storage, I don't care what UID they run as.

On Fri, Jun 3, 2022, 5:46 PM Lukas Hejtmanek <[email protected]> wrote:

> Hello,
>
> nice to see that only file set can be exported now.
>
> We are running Kubernetes platform together with Spectrum Scale. Beside K8s,
> we have also HPC clusters using GPFS/NFS exports.
>
> We would like to integrate storage from HPC to K8s and vice versa.
>
> Currently, this is a problem because in K8s almost all users are using UID
> 1000 for running pods while in HPC they have different UIDs.
>
> As far as I know, there is no possibility to remap UIDs between K8s and HPC on
> the same Spectrum Scale file system. Running pods with different UIDs is hard
> option as many containers assume, they run exactly as UID 1000.
>
> What do you think, is there anything that can be done here?
>
> On Fri, Jun 03, 2022 at 08:19:25PM +0000, Christopher Maestas wrote:
> > Hello everyone!
> >
> > I know I spoke to some of you at ISC 2022 this week about some of these
> > features. They are officially out!
> >
> > Check out: https://www.ibm.com/docs/en/spectrum-scale/5.1.4?topic=summary-changes
> > Summary of changes<https://www.ibm.com/docs/en/spectrum-scale/5.1.4?topic=summary-changes>
> > This topic summarizes changes to the IBM Spectrum Scale licensed program
> > and the IBM Spectrum Scale library. Within each topic, these markers ( )
> > surrounding text or illustrations indicate technical changes or additions
> > that are made to the previous edition of the information.
> > www.ibm.com
> >
> > Particularly:
> > ---
> >
> > Control fileset access for remote clusters
> > Administrators can now configure access to remote cluster nodes for only
> > a subset of filesets instead of the entire file system. For more
> > information, see Fileset access control for remote clusters<https://www.ibm.com/docs/en/STXKQY_5.1.4/com.ibm.spectrum.scale.v5r10.doc/bl1adv_fielsetaccesscontrol.html>.
> >
> > Increase in the number of independent filesets
> > In IBM Spectrum Scale the maximum number of independent filesets is
> > increased from 1000 to 3000.
> > ---
> >
> > We'll talk further about this at the Scale user group in a few weeks in
> > London!
> >
> > -Chris
>
> > _______________________________________________
> > gpfsug-discuss mailing list
> > gpfsug-discuss at gpfsug.org
> > http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org
>
> --
> Lukáš Hejtmánek
>
> Linux Administrator only because
> Full Time Multitasking Ninja
> is not an official job title
>
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at gpfsug.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org
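The rule described in the reply at the top of this thread (containers that touch storage must run as the user's own UID, anything else may run as any UID) can be sketched as the check below. This is an added example, not the poster's OPA policy: it is written in Python rather than Rego, and the volume types treated as storage, the sample pod, and the UID 20417 are assumptions constructed for illustration.

```python
"""Admission-style check: containers that mount storage must run as the owner's POSIX UID."""

# Assumption: these volume types count as "storage" backed by the shared file system.
STORAGE_VOLUME_KEYS = ("persistentVolumeClaim", "nfs", "hostPath", "csi")


def storage_volume_names(pod_spec):
    """Names of the pod's volumes that are backed by storage."""
    return {v["name"] for v in pod_spec.get("volumes", [])
            if any(k in v for k in STORAGE_VOLUME_KEYS)}


def effective_uid(pod_spec, container):
    """Container-level runAsUser overrides the pod-level value; None if neither is set."""
    uid = (container.get("securityContext") or {}).get("runAsUser")
    if uid is None:
        uid = (pod_spec.get("securityContext") or {}).get("runAsUser")
    return uid


def violations(pod_spec, expected_uid):
    """Return one message per container that mounts storage under the wrong UID."""
    storage = storage_volume_names(pod_spec)
    out = []
    for kind in ("initContainers", "containers", "ephemeralContainers"):
        for c in pod_spec.get(kind, []):
            mounted = {m["name"] for m in c.get("volumeMounts", [])} & storage
            if not mounted:
                continue  # no storage access: any UID is acceptable
            uid = effective_uid(pod_spec, c)
            if uid is None:
                out.append(f"{c['name']}: runAsUser not set, image default UID would apply")
            elif uid != expected_uid:
                out.append(f"{c['name']}: runAsUser {uid} != owner UID {expected_uid}")
    return out


# Constructed sample: pod-level UID 1000, one container overriding it to the owner's UID.
SAMPLE_POD = {
    "securityContext": {"runAsUser": 1000},
    "volumes": [{"name": "home", "persistentVolumeClaim": {"claimName": "gpfs-home"}},
                {"name": "tmp", "emptyDir": {}}],
    "initContainers": [{"name": "prep",
                        "volumeMounts": [{"name": "home", "mountPath": "/home"}]}],
    "containers": [
        {"name": "job", "securityContext": {"runAsUser": 20417},
         "volumeMounts": [{"name": "home", "mountPath": "/home"}]},
        {"name": "sidecar", "volumeMounts": [{"name": "tmp", "mountPath": "/tmp"}]},
    ],
}

if __name__ == "__main__":
    for msg in violations(SAMPLE_POD, expected_uid=20417):
        print("DENY", msg)
```

The init container is the case that is easy to miss: it inherits the pod-level UID 1000 and mounts the same claim, so it is rejected even though the main container is compliant.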
