sbernauer
commented
4 months ago LGTM
Closed nightkr closed 2 months ago
sbernauer
commented
4 months ago LGTM
nightkr
commented
4 months ago Moving this into the voting phase.
nightkr
commented
4 months ago No dissent, considering this accepted.
lfrancke
commented
3 months ago Is this anything we documented?
sbernauer
commented
3 months ago Is this already implemented? https://github.com/stackabletech/zookeeper-operator/pull/799 looks like the implementation and is not merged yet
lfrancke
commented
3 months ago I don't know. I found this in the Done column
nightkr
commented
3 months ago Not sure how this got moved to done, #799 has indeed not been reviewed yet.
Is this anything we documented?
It's documented in the PR, but since that still hasn't been merged...
lfrancke
commented
1 month ago As this has been merged now, can you please include a link to the generated docs?
nightkr
commented
1 month ago
This is currently not allowed because it would let users escalate "Is allowed to create sandboxed ZNodes" to "Is allowed to take ownership of any named ZNode".
However, this is preventing users from restoring failed clusters from backups, since there is no way to influence the UID generation at all. One possible compromise would be to introduce a new field
ZookeeperZnode.status.znodePath, which defaults to/{uid}. This would let administrators status-patch the object to override the path, while regular users are typically prohibited (by K8s) from editing the status subresource.