Uploaded image for project: 'Apache YuniKorn'
  1. Apache YuniKorn
  2. YUNIKORN-997

Use K8s fine-grained access control for YuniKorn scheduler

    XMLWordPrintableJSON

Details

    Description

      Currently we run with cluster-admin privileges. That is really broad. Kubernetes has more limited roles called system:kube-scheduler and system:volume-scheduler. Those roles are assigned to the default scheduler.

      These roles will not fit for us as we do a little more than the default scheduler when it comes down to placeholder pods.
      We need to assess if we can drop as many privileges as possible and not run with cluster admin role. 

      Attachments

        Issue Links

          Activity

            People

              ccondit Craig Condit
              wilfreds Wilfred Spiegelenburg
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: