https://flyte.org logo
#ask-the-community
Title
# ask-the-community
d

Debajyoti Chatterjee

02/22/2024, 1:22 PM
I was trying out Raw Containers and realized that the Flyte Sidecar requires
SYS_PTRACE
capability. This comment here mentions that it is configurable. Would someone be able to point me to the configuration?
I guess this was done to share the process namespace of the main container with the sidecar https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
Is there any security risk to the host/node due to this? Or is this isolated within the Pod.
We currently use Argo Workflows with the emissary executor, which does not require privileged access. https://argo-workflows.readthedocs.io/en/latest/workflow-executors/#emissary-emissary
s

Samhita Alla

02/23/2024, 6:53 AM
d

Debajyoti Chatterjee

02/23/2024, 10:39 AM
Right, but I don't know how to use this. There are also some conflicts in the PR.
s

Samhita Alla

02/23/2024, 1:59 PM
cc @Kevin Su