stackabletech / issues

This repository is only for issues that concern multiple repositories or don't fit into any specific repository

Make the products security context configurable #628

Open razvan opened 4 weeks ago

razvan commented 4 weeks ago

Description

Stackable operators use hard-coded pod security contexts as noted in this issue.

These are rather arbitrary and mostly useless in regular OpenShift deployments.

They can be overridden using pod overrides but the use of pod overrides is usually discouraged.

Value

Strengthen security while providing a simple(er) configuration interface for sec contexts.

Tasks

adwk67 commented 3 weeks ago

Will this issue also address the hard-coded UID, as mentioned in https://github.com/stackabletech/issues/issues/607?

pub const NIFI_UID: i64 = 1000;

PaulienVa commented 2 days ago

@razvan will the fix for this issue be included in release 24.11?

razvan commented 2 days ago

> @razvan will the fix for this issue be included in release 24.11?

@PaulienVa I'm a bit skeptical since it has not been prioritized yet. But the roadmap is not fully closed yet so there might be a chance. If it does make it, we'll update the issue (labels).

PaulienVa commented 2 days ago

We are really really really blocked by it, so if by any chance that will weigh in on the prios, I'll be happy if it could be included in the release :)

sbernauer commented 2 days ago

@PaulienVa just to be on the same page: You are aware that you can already set a custom securityContext using podOverrides? My understanding is that this issue is about (optionally) making it a bit nicer to configure by placing the field a bit higher in the hierarchy.

One working example is

apiVersion: zookeeper.stackable.tech/v1alpha1
kind: ZookeeperCluster
metadata:
  name: simple-zk
spec:
  image:
    productVersion: 3.9.2
  servers:
    podOverrides:
      spec:
        securityContext:
          runAsUser: 1234
          runAsGroup: 5678
          fsGroup: 9876
    roleGroups:
      default:
        replicas: 1
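
Added example, not part of the thread or of Stackable's code: a check that the IDs from the manifest above are the ones each container actually runs with, given the pod's JSON (for instance from `kubectl get pod -o json`). The sample pod, its container names and the sidecar's container-level `runAsUser` are constructed to show the case where a container-level securityContext masks the pod-level override.

```python
import json

# Constructed sample: trimmed pod JSON as `kubectl get pod -o json` would
# return it. Container names and the sidecar's runAsUser are made up.
SAMPLE_POD = json.loads("""
{
  "spec": {
    "securityContext": {"runAsUser": 1234, "runAsGroup": 5678, "fsGroup": 9876},
    "initContainers": [{"name": "prepare"}],
    "containers": [
      {"name": "zookeeper"},
      {"name": "sidecar", "securityContext": {"runAsUser": 1000}}
    ]
  }
}
""")

# Values set under podOverrides in the manifest above.
EXPECTED = {"runAsUser": 1234, "runAsGroup": 5678, "fsGroup": 9876}


def effective_ids(pod):
    """Return {container name: effective runAsUser/runAsGroup/fsGroup}."""
    spec = pod["spec"]
    pod_sc = spec.get("securityContext") or {}
    result = {}
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        c_sc = c.get("securityContext") or {}
        result[c["name"]] = {
            # Container-level values take precedence over pod-level ones.
            "runAsUser": c_sc.get("runAsUser", pod_sc.get("runAsUser")),
            "runAsGroup": c_sc.get("runAsGroup", pod_sc.get("runAsGroup")),
            # fsGroup exists only in the pod-level securityContext.
            "fsGroup": pod_sc.get("fsGroup"),
        }
    return result


def find_mismatches(pod, expected):
    """List (container, field, actual) where the effective value differs."""
    return [(name, field, ids[field])
            for name, ids in effective_ids(pod).items()
            for field in expected if ids[field] != expected[field]]


if __name__ == "__main__":
    for name, field, actual in find_mismatches(SAMPLE_POD, EXPECTED):
        print(f"{name}: {field}={actual}, expected {EXPECTED[field]}")
```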