[
https://issues.apache.org/jira/browse/YUNIKORN-658?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Weiwei Yang resolved YUNIKORN-658.
----------------------------------
Fix Version/s: 0.11
Assignee: Amit Sharma
Resolution: Won't Fix
> default user should not be nobody
> ---------------------------------
>
> Key: YUNIKORN-658
> URL: https://issues.apache.org/jira/browse/YUNIKORN-658
> Project: Apache YuniKorn
> Issue Type: Sub-task
> Reporter: Wilfred Spiegelenburg
> Assignee: Amit Sharma
> Priority: Blocker
> Fix For: 0.11
>
>
> In YUNIKORN-650 the possibility to read a label from a pod was introduced to
> specify a user for the pod. Allowing a label to specify the user is in itself
> not an issue. The side effects of doing this could be an issue:
> # default behaviour has been changed without documenting it has, this change
> breaks existing deployments which rely on the old behaviour
> # the current behaviour is to default to the ServiceAccountName for the pod.
> This value is always set. The new default is the user nobody as the label is
> not set.
> # ACLs cannot be relied on anymore in any current deployment due to the
> default change.
> # ACLs can always be bypassed as there is nothing that limits what can be
> set in the labels, this should be at least announced and documented clearly.
> We should default to the old behaviour and only override with the label if
> the \{{userLabelKey}} parameter is explicitly set on startup. The default
> config should *not* set the value.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
