[
https://issues.apache.org/jira/browse/SUBMARINE-1179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17471817#comment-17471817
]
cdmikechen commented on SUBMARINE-1179:
---------------------------------------
These issue may need 3 tasks:
1. Add a cluster psp/scc in helm.
2. Submarine-Operator need to add corresponding service account, role and role
bind, so that database, minio can start successfully.
3. Submarine-Server need to add corresponding service account in CRD, so that
notebook-controller can create notebook statefulsets successfully.
> Add PodSecurityPolicies/SecurityContextConstraints for submarine
> ----------------------------------------------------------------
>
> Key: SUBMARINE-1179
> URL: https://issues.apache.org/jira/browse/SUBMARINE-1179
> Project: Apache Submarine
> Issue Type: Bug
> Components: Cloud-native Deployment
> Reporter: cdmikechen
> Priority: Major
>
> Database and minio need user uid 999 / 0 to run container, notebook need
> group uid 100 . Sometimes, K8s's security policy prohibits too small uid
> values.
> We need to add PodSecurityPolicies(k8s) or
> SecurityContextConstraints(openshift) to let pod run as a user with specified
> uid. e.g.
> {code:java}
> securityContext:
> runAsUser: 999
> {code}
> {code:java}
> securityContext:
> fsGroup: 100
> {code}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
