Peter Bacsko created YUNIKORN-1306:
--------------------------------------
Summary: [Umbrella] Enhanced user and group handling
Key: YUNIKORN-1306
URL: https://issues.apache.org/jira/browse/YUNIKORN-1306
Project: Apache YuniKorn
Issue Type: New Feature
Components: shim - kubernetes
Reporter: Peter Bacsko
Yunikorn needs a more secure and robust user/group handling.
Currently, the YK handles users is by using a label on the pod. However, this
label can contain anything and no verification is performed by Yunikorn to make
sure that the users are what the label say they are.
The group support is also lacking. There is a lookup feature in the core, but
that is very limited. It's an OS-based lookup similar to how Hadoop works, but
YK runs inside a container. Determining which group a user belongs to is too
late in the core.
Yunikorn needs to be able to lookup/detect the real user and group of the
workload (be it a pod or a deployment, job, etc) plus provide backward
compatibility because there are already solutions built on the existing label.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
