[
https://issues.apache.org/jira/browse/SUBMARINE-1179?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
cdmikechen updated SUBMARINE-1179:
----------------------------------
Description:
Database and minio need user uid 999 / 0 to run container, notebook need group
uid 100 . Sometimes, K8s's security policy prohibits too small uid values.
We need to add PodSecurityPolicies(k8s) or
SecurityContextConstraints(openshift) to let pod run as a user with specified
uid. e.g.
{code:java}
securityContext:
runAsUser: 999
{code}
{code:java}
securityContext:
fsGroup: 100
{code}
was:
Database and minio need user uid 999 / 0 to run container. Sometimes, K8s's
security policy prohibits too small uid values.
We need to add PodSecurityPolicies(k8s) or
SecurityContextConstraints(openshift) to let pod run as a user with specified
uid. e.g.
{code}
securityContext:
runAsUser: 999
{code}
> Add PodSecurityPolicies/SecurityContextConstraints for submarine
> ----------------------------------------------------------------
>
> Key: SUBMARINE-1179
> URL: https://issues.apache.org/jira/browse/SUBMARINE-1179
> Project: Apache Submarine
> Issue Type: Bug
> Components: Cloud-native Deployment
> Reporter: cdmikechen
> Priority: Major
>
> Database and minio need user uid 999 / 0 to run container, notebook need
> group uid 100 . Sometimes, K8s's security policy prohibits too small uid
> values.
> We need to add PodSecurityPolicies(k8s) or
> SecurityContextConstraints(openshift) to let pod run as a user with specified
> uid. e.g.
> {code:java}
> securityContext:
> runAsUser: 999
> {code}
> {code:java}
> securityContext:
> fsGroup: 100
> {code}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
