This is an automated email from the ASF dual-hosted git repository.
pbacsko pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/yunikorn-site.git
The following commit(s) were added to refs/heads/master by this push:
new c737c7b78 [YUNIKORN-1432] User/group resolution: update documentation
about configmaps (#219)
c737c7b78 is described below
commit c737c7b789e897c078eaaa149f0f707b6bf14ba1
Author: Peter Bacsko <[email protected]>
AuthorDate: Tue Nov 29 11:16:32 2022 +0100
[YUNIKORN-1432] User/group resolution: update documentation about
configmaps (#219)
Closes: #219
Signed-off-by: Peter Bacsko <[email protected]>
---
docs/user_guide/usergroup_resolution.md | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/docs/user_guide/usergroup_resolution.md
b/docs/user_guide/usergroup_resolution.md
index bc3241ed2..34d4e65dd 100644
--- a/docs/user_guide/usergroup_resolution.md
+++ b/docs/user_guide/usergroup_resolution.md
@@ -105,16 +105,16 @@ Group resolution is no longer necessary inside the shim.
### Configuring the admission controller
-The following environment variables are available for the admission controller:
+The admission controller can be configured with the `yunikorn-configs`
configmap. All entries start with the prefix
`admissionController.accessControl.`.
|Variable|Default value|Description|
|--|--|--|
-|`ADMISSION_CONTROLLER_BYPASS_AUTH`|false|Allow any external user to create
pods with user information set|
-|`ADMISSION_CONTROLLER_TRUST_CONTROLLERS`|true|Allow Kubernetes controller
users to create pods with user information set|
-|`ADMISSION_CONTROLLER_SYSTEM_USERS`|"system:serviceaccount:kube-system:*"|Regular
expression for the allowed controller service account list|
-|`ADMISSION_CONTROLLER_EXTERNAL_USERS`|""|Regular expression for the allowed
external user list|
-|`ADMISSION_CONTROLLER_EXTERNAL_GROUPS`|""|Regular expression for the allowed
external group list|
+|`bypassAuth`|false|Allow any external user to create pods with user
information set|
+|`trustControllers`|true|Allow Kubernetes controller users to create pods with
user information set|
+|`systemUsers`|"^system:serviceaccount:kube-system:"|Regular expression for
the allowed controller service account list|
+|`externalUsers`|""|Regular expression for the allowed external user list|
+|`externalGroups`|""|Regular expression for the allowed external group list|
-If `ADMISSION_CONTROLLER_BYPASS_AUTH` is set to true the admission controller
will not add the annotation to a pod if the annotation is not present and the
deprecated user labell is set. If the annotation is not set and the user label
is not set the new annotation will be added. In the case that `BYPASS_AUTH` is
false, the default, the admission controller will always add the new
annotation, regardless of the existence of the deprecated label.
+If `bypassAuth` is set to true the admission controller will not add the
annotation to a pod if the annotation is not present and the deprecated user
labell is set. If the annotation is not set and the user label is not set the
new annotation will be added. In the case that `bypassAuth` is false, the
default, the admission controller will always add the new annotation,
regardless of the existence of the deprecated label.
-In certain scenarios, users and groups must be provided to Yunikorn upon
submission because the user and group management is provided by external
systems and the lookup mechanism is not trivial. In these cases, the
`ADMISSION_CONTROLLER_EXTERNAL_USERS` and
`ADMISSION_CONTROLLER_EXTERNAL_GROUPS` can be configured which are treated as
regular expressions. Matching users and groups are allowed to set the
`yunikorn.apache.org/user.info` annotation to any arbitrary value. Since this
has impli [...]
+In certain scenarios, users and groups must be provided to Yunikorn upon
submission because the user and group management is provided by external
systems and the lookup mechanism is not trivial. In these cases, the
`externalUsers` and `externalGroups` can be configured which are treated as
regular expressions. Matching users and groups are allowed to set the
`yunikorn.apache.org/user.info` annotation to any arbitrary value. Since this
has implications which affects scheduling inside Yuni [...]
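Review bot: The `systemUsers` row changes its default from `"system:serviceaccount:kube-system:*"` to `"^system:serviceaccount:kube-system:"`, but neither the description column nor the commit message explains the change, and the page never says whether these regular expressions are matched against the whole name or any part of it. That matters most for `externalUsers` and `externalGroups` in the last paragraph, because matching identities may set `yunikorn.apache.org/user.info` to any arbitrary value. Please add a sentence that states the matching semantics and recommends anchoring the patterns, and note in the commit message that the documented default changed. Two smaller points in the same hunk: the added `bypassAuth` paragraph carries over the typo "labell", and the table header still reads `Variable` although the rows are now configmap entries. A header such as "Entry", plus one fully spelled-out key built from the stated prefix (for example `admissionController.accessControl.bypassAuth`), would make the prefix rule unambiguous.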