Open razvan opened 4 weeks ago
Will this issue also address the hard-coded UID, as mentioned in https://github.com/stackabletech/issues/issues/607?
pub const NIFI_UID: i64 = 1000;
@razvan will the fix for this issue be included in release 24.11?
@PaulienVa I'm a bit skeptical since it has not been prioritized yet. But the roadmap is not fully closed yet so there might be a chance. If it does make it, we'll update the issue (labels).
We are really really really blocked by it, so if by any chance that will weigh in on the prios, I'll be happy if it could be included in the release :)
@PaulienVa just to be on the same page: You are aware that you can already set a custom securityContext using podOverrides?
My understanding is that this issue is about (optionally) making it a bit nicer to configure by placing the field a bit higher in the hierarchy.
One working example is
apiVersion: zookeeper.stackable.tech/v1alpha1
kind: ZookeeperCluster
metadata:
  name: simple-zk
spec:
  image:
    productVersion: 3.9.2
  servers:
    podOverrides:
      spec:
        securityContext:
          runAsUser: 1234
          runAsGroup: 5678
          fsGroup: 9876
    roleGroups:
      default:
        replicas: 1
Description
Stackable operators use hard-coded pod security contexts as noted in this issue.
These are rather arbitrary and mostly useless in regular OpenShift deployments.
They can be overridden using pod overrides but the use of pod overrides is usually discouraged.
Value
Strengthen security while providing a simple(r) configuration interface for sec contexts.
Tasks
fs_group is the only one needed.
podSecurityContext fields to cluster and role configurations.
containerSecurityContext fields to cluster and role configurations.