pipelines icon indicating copy to clipboard operation
pipelines copied to clipboard

Published 20 hours ago verified publisher icon kubeflow

[feature] Configuring securityContext at pod level

Open axel7083 opened this issue 2 years ago • 5 comments

Feature Area

/area backend /area sdk

/area components

What feature would you like to see?

Being able to configure securityContext in v2.

What is the use case or pain point?

When using an image from dockerhub for example, which has not a default user 0 in the @dsl.component(base_image="<non-root-image>"), when trying to write to OutputPath, got the following error:

failed to execute component: unable to create directory "/minio/mlpipeline/v2/artifacts/pipeline-name/uuid/custom-function" for output artifact "model": mkdir /minio: permission denied

Details

Worflow support the security at spec level Workflow Pod Security Context.

Love this idea? Give it a 👍.

axel7083 avatar Jul 26 '23 15:07 axel7083

What are the versions of KFP and SDK you're using? Also what container image being used for the component?

chensun avatar Aug 11 '23 00:08 chensun

Agree +1.

I'm using KFP v2, and it look like we can't add the securityContext to the IR YAML.

dashanji avatar Oct 09 '23 11:10 dashanji

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Jan 08 '24 07:01 github-actions[bot]

PR #10538 will handle this

rimolive avatar Mar 06 '24 20:03 rimolive

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar May 06 '24 07:05 github-actions[bot]

This issue has been automatically closed because it has not had recent activity. Please comment "/reopen" to reopen it.

github-actions[bot] avatar May 28 '24 07:05 github-actions[bot]

/reopen

rimolive avatar May 28 '24 12:05 rimolive

@rimolive: Reopened this issue.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

google-oss-prow[bot] avatar May 28 '24 12:05 google-oss-prow[bot]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Jul 29 '24 07:07 github-actions[bot]

/lifecycle frozen

juliusvonkohout avatar Jul 31 '24 11:07 juliusvonkohout