Github user ifilonenko commented on a diff in the pull request:
https://github.com/apache/spark/pull/23017#discussion_r233537461
--- Diff:
resource-managers/kubernetes/docker/src/main/dockerfiles/spark/entrypoint.sh ---
@@ -30,6 +30,10 @@ set -e
# If there is no passwd entry for the container UID, attempt to create one
if [ -z "$uidentry" ] ; then
if [ -w /etc/passwd ] ; then
+ # TODO Should we allow providing an environment variable to set
the desired username?
--- End diff --
You can run the user code with a securityContext where you can specify
runAs: {UID}, but without root you are unable to run useradd commands which
would be crucial for said feature. Kubernetes defaults the security context to
be root.
Also, is there a security problem with running as root in an isolated
container?
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
