Change user for NATS Pods to 1000 (aka non-root user).
Add an Init-Container to change the owner of the JetStream storage to 1000.
For the e2e-upgrade-test GHAW, add logging for StatefulSet, Deployment, Pods and ConfigMaps that will always be displayed.
Test
We tested this with a pub-sub setup via the eventing-tools:
We created a publisher (without a subscriber) that sends events to fill the file storage of the NATS-server. We eventually stop the publisher, so we have a defined number of events.
We changed the NATS-manager image to this PR's image; this will update the StatefulSet which will trigger a rolling update of the Pods, starting with the InitContainer that changes the owner and rights of the files in the persistantStorage.
We created a subscriber (without a publisher) that will receive the messages created in step 1 and stored in the file storage.
All created messages where received; no messages were lost.
We also checked the owner of the persistent storage:
Before the NATS-manager image change the owner was root and the group was 10001.
After the owner was 1000 and the group was 10001.
Description
Changes proposed in this pull request:
1000(aka non-root user).1000.e2e-upgrade-testGHAW, add logging forStatefulSet,Deployment,PodsandConfigMapsthat will always be displayed.Test We tested this with a pub-sub setup via the eventing-tools:
NATS-server. We eventually stop the publisher, so we have a defined number of events.NATS-managerimage to this PR's image; this will update theStatefulSetwhich will trigger a rolling update of thePods, starting with theInitContainerthat changes the owner and rights of the files in thepersistantStorage.We also checked the owner of the persistent storage: Before the
NATS-managerimage change the owner wasrootand thegroupwas10001. After the owner was1000and thegroupwas10001.Related issue(s)