Kubernetes annotations10/30/2022 ![]() Please bear in mind that this requires cooperation from your users and as such may not be a suitable solution for shared environments. This can be used to override the USER directives in the images themselves. Users building their own images with the provided docker-image-tool.sh script can use the -u option to specify the desired UID.Īlternatively the Pod Template feature can be used to add a Security Context with a runAsUser to the pods that Spark submits. The resulting UID should include the root group in its supplementary groups in order to be able to run the Spark executables. Security conscious deployments should consider providing custom images with USER directives specifying their desired unprivileged UID and GID. This means that the resulting images will be running the Spark processes as this UID inside the container. ![]() Images built from the project provided Dockerfiles contain a default USER directive with a default UID of 185. ![]() Please see Spark Security and the specific security sections in this doc before running Spark. Or an untrusted network, it’s important to secure access to the cluster to prevent unauthorized applications When deploying a cluster that is open to the internet Security features like authentication are not enabled by default. Kubernetes scheduler that has been added to Spark. Spark can run on clusters managed by Kubernetes.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |