limited-raincoat-94253
06/22/2023, 10:20 PMmake compile
and ./bin/flyte start --config flyte_local.yaml
to develop flyte locally, how can I specify the pod security context to allow container to run as root?thankful-minister-83577
thankful-minister-83577
limited-raincoat-94253
06/22/2023, 11:29 PMlimited-raincoat-94253
06/22/2023, 11:30 PMpropeller:
rawoutput-prefix: "<ambry://flyte/>"
kube-config: "/Users/yubwang/.kube/config"
create-flyteworkflow-crd: true
webhook:
certDir: /tmp/k8s-webhook-server/serving-certs
serviceName: flyte-pod-webhook
localCert: true
servicePort: 9443
tasks:
task-plugins:
enabled-plugins:
- container
- sidecar
- K8S-ARRAY
default-for-task-types:
- container: container
- container_array: K8S-ARRAY
server:
kube-config: "/Users/yubwang/.kube/config"
httpPort: 30080
serviceHttpEndpoint: <http://localhost:30080/>
grpc:
port: 30081
flyteadmin:
runScheduler: false
namespace_mapping:
template: "flyte"
database:
postgres:
port: 30089
username: postgres
host: localhost
dbname: flyteadmin
options: "sslmode=disable"
storage:
type: ambry
connection:
access-key: minio
auth-type: accesskey
secret-key: miniostorage
disable-ssl: true
endpoint: "<https://ambry-frontend-main.ambry-frontend.ei-ltx1.atd.stg.linkedin.com:3183>"
region: my-region
cache:
max_size_mbs: 10
target_gc_percent: 100
container: "flyte"
Logger:
show-source: true
level: 5
admin:
endpoint: localhost:30081
insecure: true
plugins:
# All k8s plugins default configuration
k8s:
inject-finalizer: true
default-env-vars:
- AWS_METADATA_SERVICE_TIMEOUT: 5
- AWS_METADATA_SERVICE_NUM_ATTEMPTS: 20
- FLYTE_AWS_ENDPOINT: "<http://minio.flyte:9000>"
- FLYTE_AWS_ACCESS_KEY_ID: minio
- FLYTE_AWS_SECRET_ACCESS_KEY: miniostorage
# Logging configuration
logs:
kubernetes-enabled: true
kubernetes-url: "<http://localhost:30082>"
cluster_resources:
refreshInterval: 5m
templatePath: "/etc/flyte/clusterresource/templates"
# -- Starts the cluster resource manager in standalone mode with requisite auth credentials to call flyteadmin service endpoints
standaloneDeployment: false
customData:
- production:
- projectQuotaCpu:
value: "8"
- projectQuotaMemory:
value: "16Gi"
- staging:
- projectQuotaCpu:
value: "8"
- projectQuotaMemory:
value: "16Gi"
- development:
- projectQuotaCpu:
value: "8"
- projectQuotaMemory:
value: "16Gi"
refresh: 5m
flyte:
admin:
disableClusterResourceManager: true
disableScheduler: true
propeller:
disableWebhook: true
task_resources:
defaults:
cpu: 500m
memory: 1Gi
limits:
cpu: 2
memory: 4Gi
gpu: 5
catalog-cache:
endpoint: localhost:8081
insecure: true
type: datacatalog
this is what I have right nowthankful-minister-83577
thankful-minister-83577
default-pod-security-context
limited-raincoat-94253
06/23/2023, 12:17 AMlimited-raincoat-94253
06/23/2023, 12:17 AMplugins:
# All k8s plugins default configuration
k8s:
default-pod-security-context:
run-as-user: 0
allow-privilege-escalation: true
inject-finalizer: true
default-env-vars:
- AWS_METADATA_SERVICE_TIMEOUT: 5
- AWS_METADATA_SERVICE_NUM_ATTEMPTS: 20
- FLYTE_AWS_ENDPOINT: "<http://minio.flyte:9000>"
- FLYTE_AWS_ACCESS_KEY_ID: minio
- FLYTE_AWS_SECRET_ACCESS_KEY: miniostorage
thankful-minister-83577
default-security-context
?thankful-minister-83577