[
https://issues.apache.org/jira/browse/YUNIKORN-650?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17331417#comment-17331417
]
Amit Sharma commented on YUNIKORN-650:
--------------------------------------
Sure I am happy I could help:)
> Retrieve user identity from predefined labels
> ---------------------------------------------
>
> Key: YUNIKORN-650
> URL: https://issues.apache.org/jira/browse/YUNIKORN-650
> Project: Apache YuniKorn
> Issue Type: Sub-task
> Components: shim - kubernetes
> Reporter: Weiwei Yang
> Assignee: Amit Sharma
> Priority: Major
> Labels: pull-request-available
> Fix For: 0.11
>
>
> Define user identity in pod labels and retrieve user identity info from the
> labels.
> Few assumptions:
> * All pods from one application are started by one same user
> * Support the case where user label is not given, the default behavior should
> still work as expected
> * Use pod label in order for easier querying & selecting
> * Known security risk: malicious users may be able to impersonate others by
> injecting values to pod's labels. It is up to other layers in K8s to enforce
> the label can't be modified by users directly, e.g a mutation webhook.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
