[
https://issues.apache.org/jira/browse/YUNIKORN-1944?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17762131#comment-17762131
]
PoAn Yang edited comment on YUNIKORN-1944 at 9/5/23 3:13 PM:
-------------------------------------------------------------
> Yes, Each user is allowed to submit max 1 app individually.
Okay. I think the system behavior is correct. The original test_pod.yaml and
test_pod2.yaml files use different users. One is "Dummy" and another is
"testddA". So both pods can be deployed.
—
I try to use the "Dummy" user for both pods and the second pod can't be
scheduled until the first pod is finished.
{code:java}
> kubectl get configmap -n yunikorn yunikorn-configs -o yaml
apiVersion: v1
data:
admissionController.accessControl.bypassAuth: "false"
admissionController.accessControl.externalGroups: devopsnew
admissionController.accessControl.externalUsers: kubernetes-admin
event.ringBufferCapacity: "1000"
queues.yaml: |
partitions:
- name: default
queues:
- name: root
submitacl: '*'
parent: true
limits:
- limit: quota enforcement
users:
- TestA
- '*'
maxapplications: 1
maxresources:
memory: 500M
vcore : 500m
- limit: quota enforcement2
groups:
- devopsn
maxapplications: 2
maxresources:
memory: 500M
vcore : 500m
queues:
- name: default
submitacl: '*'
properties:
application.sort.policy: fifo
application.sort.priority: enabled
resources:
max:
{memory: 2024M, vcore: 6000m}
kind: ConfigMap
metadata:
creationTimestamp: "2023-09-05T12:11:30Z"
name: yunikorn-configs
namespace: yunikorn
resourceVersion: "1794"
uid: bf9763f4-d6b9-4d4a-839e-e92be8e6a46f
> kubectl get pod sleepjob1 -o jsonpath='{.metadata.annotations}' | jq .
{
"yunikorn.apache.org/allow-preemption": "true",
"yunikorn.apache.org/scheduled-at": "1693926432139098968",
"yunikorn.apache.org/user.info":
"{\"user\":\"Dummy\",\"groups\":[\"devopsdddB\",\"system:authenticated\"]}"
}
> kubectl get pod sleepjob2 -o jsonpath='{.metadata.annotations}' | jq .
{
"yunikorn.apache.org/allow-preemption": "true",
"yunikorn.apache.org/user.info":
"{\"user\":\"Dummy\",\"groups\":[\"devopsddB\",\"system:authenticated\"]}"
}
> kubectl get pod
NAME READY STATUS RESTARTS AGE
sleepjob1 1/1 Running 0 24s
sleepjob2 0/1 Pending 0 19s{code}
was (Author: JIRAUSER300229):
> Yes, Each user is allowed to submit max 1 app individually.
Okay. I think the system behavior is correct. The original test_pod.yaml and
test_pod2.yaml files use different users. One is "Dummy" and another is
"testddA". So both pods can be deployed.
---
I try to use "Dummy" for both pods and the second pod is pending.
{code:java}
> kubectl get configmap -n yunikorn yunikorn-configs -o yaml
apiVersion: v1
data:
admissionController.accessControl.bypassAuth: "false"
admissionController.accessControl.externalGroups: devopsnew
admissionController.accessControl.externalUsers: kubernetes-admin
event.ringBufferCapacity: "1000"
queues.yaml: |
partitions:
- name: default
queues:
- name: root
submitacl: '*'
parent: true
limits:
- limit: quota enforcement
users:
- TestA
- '*'
maxapplications: 1
maxresources:
memory: 500M
vcore : 500m
- limit: quota enforcement2
groups:
- devopsn
maxapplications: 2
maxresources:
memory: 500M
vcore : 500m
queues:
- name: default
submitacl: '*'
properties:
application.sort.policy: fifo
application.sort.priority: enabled
resources:
max:
{memory: 2024M, vcore: 6000m}
kind: ConfigMap
metadata:
creationTimestamp: "2023-09-05T12:11:30Z"
name: yunikorn-configs
namespace: yunikorn
resourceVersion: "1794"
uid: bf9763f4-d6b9-4d4a-839e-e92be8e6a46f
> kubectl get pod sleepjob1 -o jsonpath='{.metadata.annotations}' | jq .
{
"yunikorn.apache.org/allow-preemption": "true",
"yunikorn.apache.org/scheduled-at": "1693926432139098968",
"yunikorn.apache.org/user.info":
"{\"user\":\"Dummy\",\"groups\":[\"devopsdddB\",\"system:authenticated\"]}"
}
> kubectl get pod sleepjob2 -o jsonpath='{.metadata.annotations}' | jq .
{
"yunikorn.apache.org/allow-preemption": "true",
"yunikorn.apache.org/user.info":
"{\"user\":\"Dummy\",\"groups\":[\"devopsddB\",\"system:authenticated\"]}"
}
> kubectl get pod
NAME READY STATUS RESTARTS AGE
sleepjob1 1/1 Running 0 24s
sleepjob2 0/1 Pending 0 19s{code}
> Wildcard user limit settings are not honoured by applications
> -------------------------------------------------------------
>
> Key: YUNIKORN-1944
> URL: https://issues.apache.org/jira/browse/YUNIKORN-1944
> Project: Apache YuniKorn
> Issue Type: Bug
> Components: shim - kubernetes
> Reporter: Rajesh Kanhaiya Lal
> Assignee: PoAn Yang
> Priority: Major
> Attachments: test_pod.yaml, test_pod2.yaml, yunikorn-configs.yaml
>
>
> Hi Team,
> The Wildcard setting for the Users on Applications is not applying and quota
> enforcement checks are failing.
> Example
> PFA Yunikorn Config and Pod Spec
> [^yunikorn-configs.yaml] [^test_pod.yaml]
> Scheduling two pods with some dummy users which are not mentioned in the
> Limit configuration and Using wildcard for the Quota enforcement.
> The Limit object restrictions are not taking effect, set 1 max-application
> setting for wildcard user and able to schedule more than 1 application
> without any issue.
> Please let me know if something is required.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
