Julius von Kohout
Julius von Kohout
> HI @juliusvonkohout , > Can I use your solution to deploy all pods if PSP is enabled? > > Thank you There is not "one" PSP. Please read the...
@sunnythepatel If you would have investigated the cache-server issue yourself, you would have found out that it is fixed upstream in 1.4 and there are instruction on how to build...
"Also, there are issues with pod admitting for User Namespace due to PSP Finally, create a new namespace for the default user (named kubeflow-user-example-com)." Why did you deliberately omit "-...
> > "Also, there are issues with pod admitting for User Namespace due to PSP > > Finally, create a new namespace for the default user (named kubeflow-user-example-com)." > >...
> > @sunnythepatel If you would have investigated the cache-server issue yourself, you would have found out that it is fixed upstream in 1.4 and there are instruction on how...
The instruction is the pull request itself. If you are incapable of building an OCI image use mtr.external.otc.telekomcloud.com/ml-pipeline/cache-deployer:1.5.1 For Katib-mysql you have to set the fsgroup to the actual user....
Alright caching v1 is broken by design in my opinion. Just disable it. It works on my kubernetes 1.20 but has other limitations. Bobgy already proposed caching V2.
Since another user was able to run without root rights, should I proceed by creating a pull request? I could 1. Add istio-cni 1.9.8 for kubernetes and openshift so we...
> 1. What security standards does your proposal include? I would expect for Pods to run as non-root, but did you have other policies in mind? run as non-root and...
This looks very bad. Never ever use root/superuser commands during runtime. In my instance (1.5.1) it runs without problems `uid=1000(1000) gid=0(root) groups=111(authservice)` so far.