volcano
volcano copied to clipboard
volcano-sh
Replace `hostPath` with `emptyDir`or PVC in Scheduler Deployment
What would you like to be added:
Currently the Scheduler Deployment utilizes a hostPath to setup a volume for /tmp/klog-socks:
https://github.com/volcano-sh/volcano/blob/b834fa8939f6ecbb8e96d80a5f1151323956dfdc/installer/helm/chart/volcano/templates/scheduler.yaml#L178C19-L178C19
https://github.com/volcano-sh/volcano/blob/b834fa8939f6ecbb8e96d80a5f1151323956dfdc/installer/volcano-development.yaml#L4117
Instead of utilizing hostPath the deployments could instead utilize an emptyDir or a PVC.
Why is this needed:
As the official k8s documentation states, hostPath presents a security risk and should only be considered if absolutely necessary:
https://kubernetes.io/docs/concepts/storage/volumes/#hostpath
As far as I can tell Volcano is only writing logs to that location and it does not fit the recommended use cases outlined in the k8s docs.
emptyDir is a great option for a temporary storage location that can be discarded any time the pod restarts. Since this volume is writing to /tmp I would assume that it is not critical to keep these logs.
A PVC would be more ideal if the logs do need to persist across the pod restarts.
Yeah, you're right, feel free to make corresponding modifications based on your thought: )
