Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Launcher] support non-root containers in v2 compatible mode

See original GitHub issue

Currently, because the launcher writes input artifacts to paths like:

  • /gcs/xxx
  • /minio/xxx
  • /s3/xxxx

These paths are not accessible by non-Root users by default.

When using a component with non-Root image, launcher fails when preparing input/output artifacts.

Because /gcs/xxx is currently a contract for KFP v2 python component wrappers, we cannot change to a different path like /tmp/gcs/xxx etc.

Issue Analytics

  • State:open
  • Created 2 years ago
  • Reactions:4
  • Comments:12 (8 by maintainers)

github_iconTop GitHub Comments

1reaction
casassgcommented, Jul 2, 2022

hey folks, is there any update on this? I’m guessing current state is that due to 2.0 coming along soon V2_COMPATIBLE wont be worked on? There are several companies running containers in rootless mode - Is. #6530 still up for consideration?

1reaction
Nagarajjcommented, Aug 18, 2021

I think what needs to be done is basically making sure all the local dirs v2 compatible mode launcher reads from/writes to should be accessible by all non-root users.

@Nagarajj may I confirm do you require all containers to run as non-root? or is it OK for some KFP system containers to be root? e.g. we have a kfp-launcher init container that copies the launcher binary to a shared emptyDir volume. Do you want it to be non-root too?

If we can remove restriction on Component container to be root it will be good. kfp-laucher init container can be root as we control that.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Run the Docker daemon as a non-root user (Rootless mode)
Rootless mode allows running the Docker daemon and containers as a non-root user to mitigate potential vulnerabilities in the daemon and the container ......
Read more >
[APP][ROOT] LMT Launcher v3.2 | XDA Forums
LMT is a tool for Android (tested already on multiple devices but should run on nearly all) that launches a command when perform...
Read more >
Get started with Package Support Framework - MSIX
In this article. Understand what is inside a Package Support Framework; Step 1: Identify packaged application compatibility issues; Step 2: Find ...
Read more >
Enabling GPUs in the Container Runtime Ecosystem
It is compatible with the Open Containers Initiative (OCI) specification ... Tight integration with Docker did not allow support of other ...
Read more >
Release notes for IBM Transformation Extender, V10.0.0
0.0 does not support the Launcher Hypervisor Edition. A Launcher Docker image for Linux platforms is available as an alternative. IBM Runtime ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

[feature] generic viewer operator for managing user webapps in Kubeflow

Next page

No experiment gets created by kfp.Client()