search

jetstack / navigator

Managed Database-as-a-Service (DBaaS) on Kubernetes
Apache License 2.0
271 stars 31 forks source link

Rename fsGroup to runAsUser and set RunAsUser on ES pods #201

Closed munnerz closed 6 years ago

munnerz commented 6 years ago

What this PR does / why we need it:

This renames the 'fsGroup' field to 'runAsUser', and additionally sets the runAsUser fields on pods created by the controller. This fixes issues where there may be a mistmatch between the fsGroup specified and the actual user in the image.

Special notes for your reviewer:

This is required for 6.x support

Release note:

Rename 'fsGroup' to 'runAsUser' and add support for Elasticsearch 6.x

/area elasticsearch /kind feature

jetstack-ci-bot commented 6 years ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: We suggest the following additional approver: wallrj

Assign the PR to them by writing /assign @wallrj in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files: - **[OWNERS](https://github.com/jetstack/navigator/blob/master/OWNERS)** You can indicate your approval by writing `/approve` in a comment You can cancel your approval by writing `/approve cancel` in a comment
munnerz commented 6 years ago

ref. #194

/test e2e

munnerz commented 6 years ago

/test e2e

jetstack-ci-bot commented 6 years ago

@munnerz PR needs rebase

munnerz commented 6 years ago

1) Yep, exactly 2) That's what setting fsGroup is for (for the attached PVs). It's the users responsibility to ensure other files (e.g. ES config within the container) is owned by the appropriate user. 3) It doesn't actually require any root privs 😄

jetstack-bot commented 6 years ago

@munnerz: The following test failed, say /retest to rerun them all:

Test name Commit Details Rerun command
navigator-e2e-v1-7 63cca5bd2784f545a99b3767917c6c2de41390df link /test e2e v1.7

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/devel/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).
munnerz commented 6 years ago

Closing in favour of #214

jetstack-ci-bot commented 6 years ago

@munnerz PR needs rebase