[ 
https://issues.apache.org/jira/browse/YARN-8342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16491128#comment-16491128
 ] 

Eric Badger commented on YARN-8342:
-----------------------------------

Naming conventions aside for the moment, I believe we should have 3 different 
registry lists. 
1. Registries from which we can run non-privileged containers without mounts
2. Registries from which we can run non-privileged containers with mounts
3. Registries from which we can run privileged or non-privileged containers 
with mounts

Just because I allow docker to run on my cluster doesn't mean that I want to 
allow privileged docker containers to run. Personally, I never want anyone to 
have the ability to run a privileged docker container on my cluster. But, I 
also want to be able to run docker containers with mounts from what I would 
consider a trusted source (registry). Right now the only two options are to 
have a registry that allows privileged containers or have a registry that 
doesn't allow mounts. 

> Using docker image from a non-privileged registry, the launch_command is not 
> honored
> ------------------------------------------------------------------------------------
>
>                 Key: YARN-8342
>                 URL: https://issues.apache.org/jira/browse/YARN-8342
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Wangda Tan
>            Assignee: Eric Yang
>            Priority: Critical
>              Labels: Docker
>         Attachments: YARN-8342.001.patch
>
>
> During testing of the Docker feature, I found that if a container comes from 
> a non-privileged docker registry, the specified launch command will be ignored. 
> The container will succeed without any log, which is very confusing to end users. 
> And this behavior is inconsistent with containers from privileged docker 
> registries.
> cc: [~eyang], [[email protected]], [~ebadger], [~jlowe]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
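
The three-list proposal in the comment above, sketched as a launch check. This is an added example, not code from the patch or from Hadoop's container-executor; the registry names, the policy table, the function names and the choice to deny images from unlisted registries are all assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Tiers follow the three lists in the comment, ordered so that a higher
 * tier permits everything a lower one does. */
enum tier { TIER_UNLISTED = 0, TIER_NO_MOUNTS = 1, TIER_MOUNTS = 2, TIER_PRIVILEGED = 3 };

struct registry_rule { const char *registry; enum tier tier; };

/* Constructed sample policy; the registry names are placeholders. */
static const struct registry_rule POLICY[] = {
    { "public.example",   TIER_NO_MOUNTS  },  /* list 1 */
    { "internal.example", TIER_MOUNTS     },  /* list 2 */
    { "ops.example",      TIER_PRIVILEGED },  /* list 3 */
};

/* The registry is the text before the first '/'. An image name with no
 * '/' names no registry and is treated as unlisted (assumption). */
enum tier image_tier(const char *image) {
    const char *slash = strchr(image, '/');
    if (slash == NULL || slash == image)
        return TIER_UNLISTED;
    size_t len = (size_t)(slash - image);
    for (size_t i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++) {
        /* Match the whole component, so "internal.example.evil/app"
         * does not inherit the tier of "internal.example". */
        if (strlen(POLICY[i].registry) == len &&
            strncmp(image, POLICY[i].registry, len) == 0)
            return POLICY[i].tier;
    }
    return TIER_UNLISTED;
}

/* True when the request stays within what the image's registry allows. */
bool launch_allowed(const char *image, bool wants_mounts, bool wants_privileged) {
    enum tier t = image_tier(image);
    if (t == TIER_UNLISTED)
        return false;                 /* assumption: unlisted means deny */
    if (wants_privileged && t < TIER_PRIVILEGED)
        return false;
    if (wants_mounts && t < TIER_MOUNTS)
        return false;
    return true;
}
```

With a table like this, an operator who never wants privileged containers leaves list 3 empty and still gets mounts from the registries in list 2.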
