add `fsGroupChangePolicy: "OnRootMismatch"` to all deployments that use persistent bulk storage

uselagoon / build-deploy-tool

Tool to generate build resources

2 stars 5 forks source link

add `fsGroupChangePolicy: "OnRootMismatch"` to all deployments that use persistent bulk storage #234

Closed Schnitzel closed 8 months ago

Schnitzel commented 9 months ago

fixes #235

shreddedbacon commented 9 months ago

We have a file that is used by rootless workloads already that this would probably be better placed into, rather than each template individually: https://github.com/uselagoon/build-deploy-tool/blob/main/legacy/rootless.values.yaml

smlx commented 9 months ago

This might also need testing on at least the main hyperscalers, and provisioners used in CI similar to https://github.com/uselagoon/lagoon/pull/2481#issuecomment-774070068

I wouldn't be surprised if Azure does something exciting and different by default.

shreddedbacon commented 9 months ago

This might also need testing on at least the main hyperscalers, and provisioners used in CI similar to uselagoon/lagoon#2481 (comment)

I wouldn't be surprised if Azure does something exciting and different by default.

Yeah, I asked in the issue how this may impact on other provisioners, as there are so many.

It may be worth wrapping this in a feature flag for injection, and for AIO setting this flag to enabled on clusters using this driver? https://gist.github.com/shreddedbacon/62df6b27c2989782c566a577ee75b484

tobybellwood commented 9 months ago

yes - lets wrap this in a feature flag (FS_ON_ROOT_MISMATCH) for now whilst we look at the alternative NFS systems.