-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow the use of arbitrary rkt options similar to the java_options
config
#2657
Comments
Are there a few options you need implemented? They're not difficult to plumb through. We allow arbitrary config options for java because they only affect the JVM and not the container the JVM runs in. We implement containerization options on a case by case basis to try and minimize the ways in which jobs can configure themselves to escape their container. Many options also need to be handled in a special way by Nomad (such as port mappings for docker). That being said playing whack-a-mole trying to cover all of the useful options is a constant pain for users, so I could see us implementing a workaround at least until more security features land that require locking down options. |
I have another ticket (#2629) with a couple that i need, but it would be nice to be able to use the full range of options as our needs change. Thanks! |
I agree with @dansteen that the full gamut would be great, but I think there's a higher-level interface to some of them that would be better for users. For example, there are a number of Aaand I see that |
I think it is worth implementing to avoid specific bugs about adding new options to stay in sync with rkt. For instance I could use |
Signed-off-by: Dmitry Smirnov <onlyjob@member.fsf.org>
We discussed this internally yesterday. Will be closing this ticket for two reasons:
|
Well IMHO this ticket should be closed in favour of other viable solution and at the moment I see none... :( Why would it be a problem with resource constraints? To avoid malicious use of parameters (e.g. parameters injection)? To achieve fool proof job definitions? Regardless, now we'll have to implement more options to match rkt feature set and that means more work and more delays... |
I'm going to lock this issue because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active issues. |
Nomad version
v0.5.6
Operating system and Environment details
Archlinux
There are many options that are able to be set on rkt. It would be nice if we could specify arbitrary options (similar to the handling of the
java_options
config) so we did not have to wait for each option to be supported individually by nomad.Thanks!
The text was updated successfully, but these errors were encountered: