[ https://issues.apache.org/jira/browse/YUNIKORN-658?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Weiwei Yang resolved YUNIKORN-658. ---------------------------------- Fix Version/s: 0.11 Assignee: Amit Sharma Resolution: Won't Fix > default user should not be nobody > --------------------------------- > > Key: YUNIKORN-658 > URL: https://issues.apache.org/jira/browse/YUNIKORN-658 > Project: Apache YuniKorn > Issue Type: Sub-task > Reporter: Wilfred Spiegelenburg > Assignee: Amit Sharma > Priority: Blocker > Fix For: 0.11 > > > In YUNIKORN-650 the possibility to read a label from a pod was introduced to > specify a user for the pod. Allowing a label to specify the user is in itself > not an issue. The side effects of doing this could be an issue: > # default behaviour has been changed without documenting it has, this change > breaks existing deployments which rely on the old behaviour > # the current behaviour is to default to the ServiceAccountName for the pod. > This value is always set. The new default is the user nobody as the label is > not set. > # ACLs cannot be relied on anymore in any current deployment due to the > default change. > # ACLs can always be bypassed as there is nothing that limits what can be > set in the labels, this should be at least announced and documented clearly. > We should default to the old behaviour and only override with the label if > the \{{userLabelKey}} parameter is explicitly set on startup. The default > config should *not* set the value. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@yunikorn.apache.org For additional commands, e-mail: dev-h...@yunikorn.apache.org