[
https://issues.apache.org/jira/browse/YUNIKORN-1306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Peter Bacsko updated YUNIKORN-1306:
-----------------------------------
Target Version: 1.2.0
> [Umbrella] Enhanced user and group handling
> -------------------------------------------
>
> Key: YUNIKORN-1306
> URL: https://issues.apache.org/jira/browse/YUNIKORN-1306
> Project: Apache YuniKorn
> Issue Type: New Feature
> Components: shim - kubernetes
> Reporter: Peter Bacsko
> Priority: Major
>
> Yunikorn needs a more secure and robust user/group handling.
> Currently, the YK handles users is by using a label on the pod. However, this
> label can contain anything and no verification is performed by Yunikorn to
> make sure that the users are what the label say they are. If the label is
> missing, the submitter is considered to be a "default" user.
> The group support is also lacking. There is a lookup feature in the core, but
> that is very limited. It's an OS-based lookup similar to how Hadoop works,
> but YK runs inside a container. Determining which group a user belongs to is
> too late in the core.
> Yunikorn needs to be able to lookup/detect the real user and group of the
> workload (be it a pod or a deployment, job, etc) plus provide backward
> compatibility because there are already solutions built on the existing label.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
