Comments (11)
jhamman
commented on May 28, 2024
1
But I agree with your final point, I'm not particularly concerned about this potential.
from dask-kubernetes.
mrocklin
commented on May 28, 2024
dask-kubernetes provides two ways to specify the worker template, either as a separate standalone file with a reference to that file in the config, or by placing the entire worker template into the config file. Here is our current blank config file
kubernetes:
name: "dask-{user}-{uuid}"
namespace: null
count:
start: 0
max: null
host: '0.0.0.0'
port: 0
env: {}
worker-template-path: null
worker-template: {}
# kind: Pod
# metadata:
# labels:
# foo: bar
# baz: quux
# spec:
# restartPolicy: Never
# containers:
# - image: daskdev/dask:latest
# args:
# - dask-worker
# - --nthreads
# - '2'
# - --no-bokeh
# - --memory-limit
# - 6GB
# - --death-timeout
# - '60'
# resources:
# limits:
# cpu: "1.75"
# memory: 6G
# requests:
# cpu: "1.75"
# memory: 6GSo one solution would be to just not use worker-spec.yaml, and instead put the worker spec into dask's proper configuration system.
from dask-kubernetes.
mrocklin
commented on May 28, 2024
We could also merge the two in dask-kubernetes using dask.config.merge(worker_spec_from_file, dask.config.get('kubernetes.worker-template')).
from dask-kubernetes.
jhamman
commented on May 28, 2024
Okay, thanks. It seems setting DASK_KUBERNETES__WORKER_TEMPLATE__SPEC__IMAGE along with moving the worker-template to the dask config file will suffice.
Upon further reflection, I'm curious if removing the worker-template file might simplify things here. This would emphasize the use of the dask-config tools which do provide a lot of flexibility.
from dask-kubernetes.
mrocklin
commented on May 28, 2024
The only challenge would, I think, be that users more familiar with
kubernetes than dask might not appreciate having to nest their config
within dask terms. That's a concern without an active user though, so it's
not particularly valid.
…On Wed, Aug 8, 2018 at 4:47 PM, Joe Hamman ***@***.***> wrote:
Okay, thanks. It seems setting DASK_KUBERNETES__WORKER_
TEMPLATE__SPEC__IMAGE along with moving the worker-template to the dask
config file will suffice.
Upon further reflection, I'm curious if removing the worker-template file
might simplify things here. This would emphasize the use of the dask-config
tools which do provide a lot of flexibility.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#92 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AASszHy-ycit6jNFzxkJ_fp3oGNvl0cjks5uO053gaJpZM4Vy4fK>
.
from dask-kubernetes.
jhamman
commented on May 28, 2024
Fair enough. I don't have strong feelings here as it seems I can do everything I needed to with existing tooling. Happy to see this closed as is unless others have thoughts on the last topics.
from dask-kubernetes.
jhamman
commented on May 28, 2024
So dask/dask#3893 was just merged. How do we feel about expanding environment variables when loading the dask configs from dask-kubernetes?
from dask-kubernetes.
mrocklin
commented on May 28, 2024
I think that one question is "are there any fields that might have
environment variables that we *don't *want to expand?"
…On Wed, Aug 22, 2018 at 5:24 PM, Joe Hamman ***@***.***> wrote:
So dask/dask#3893 <dask/dask#3893> was just
merged. How do we feel about expanding environment variables when loading
the dask configs from dask-kubernetes?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#92 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AASszOPny1S8leAIQe_WD4GUTfLRNgGuks5uTcwdgaJpZM4Vy4fK>
.
from dask-kubernetes.
jhamman
commented on May 28, 2024
I think that one question is "are there any fields that might have environment variables that we *don't *want to expand?"
Not that I'm aware of in this space. @jacobtomlinson, any thoughts here?
from dask-kubernetes.
jacobtomlinson
commented on May 28, 2024
I'm trying to think of a scenario where this would be a problem.
I guess there is potential for another package to update the environment and then dask to expand something nasty into the config. e.g updating the docker image with a crypto miner.
Personally I wouldn't be concerned about things like this though. If we are worrying about the user executing malicious code I can think of much worse things than this.
from dask-kubernetes.
jhamman
commented on May 28, 2024
On the security point, dask is already vulnerable to that sort of environment variable manipulation. The reason we are discussing this is because the image specification in the worker template is in a list of arguments and dask's use of environment variables only works for nested dictionaries.
from dask-kubernetes.
Related Issues (20)
- Allow graceful shutdown HOT 3
- Dask dashboard not loading HOT 4
- Env var duplication HOT 2
- Ability to add different scheduler address to workers outside of standard format HOT 2
- Add a Changelog HOT 4
- Cluster creation constantly failing because of existing scheduler in "Terminating" status HOT 3
- Does dask-kubernetes compatible with newer version of k8rs? HOT 4
- Can not connect to k8s websocket deployed in Rancher HOT 5
- Update dask-kubernetes to a newer kr8s HOT 4
- Add Python 3.12 support HOT 1
- TOCTOU Bug while scaling down workers HOT 5
- Worker RestartPolicy not setable HOT 2
- Dask cluster creation issue with TLS HOT 1
- KubeCluster is shut down automatically even if shutdown_on_close is False HOT 1
- Go code failing to lint
- Dask Cluster with name longer than 53 chars is stuck in Created state, cannot be deleted
- Cannot Overwrite DASK_SCHEDULER_ADDRESS in Worker env HOT 1
- ConnectionClosedError during Dask Cluster Creation with k8s HOT 1
- Missing idleTimeout key in daskcluster_autoshutdown HOT 8
- Add IngressSpec besides ServiceSpec to Scheduler HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dask-kubernetes.