feat: custom security context for kafka addon #1337

Merged
merged 5 commits into from
Jan 22, 2025

lancelot1989
Contributor

resolves #1336

@shanshanying shanshanying changed the title Feat/custom security context for kafka addon feat: custom security context for kafka addon Dec 18, 2024
securityContext:
runAsNonRoot: true
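Review bot: the securityContext block beginning at runAsNonRoot: true carries no comment saying which containers inherit it. The thread below shows that this default changes what the jmx-exporter sidecar may do, so add a comment on this value naming the containers it applies to, and set allowPrivilegeEscalation explicitly beside it rather than relying on the Kubernetes default.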
Contributor

The modification logic here differs from the previous implementation.

The default value of allowPrivilegeEscalation is true in k8s?

	// defaultAllowPrivilegeEscalation controls the default setting for whether a
	// process can gain more privileges than its parent process.
	// +optional
	DefaultAllowPrivilegeEscalation *bool `json:"defaultAllowPrivilegeEscalation,omitempty" protobuf:"varint,15,opt,name=defaultAllowPrivilegeEscalation"`
	// allowPrivilegeEscalation determines if a pod can request to allow
	// privilege escalation. If unspecified, defaults to true.
	// +optional
	AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty" protobuf:"varint,16,opt,name=allowPrivilegeEscalation"`

Contributor Author

@lancelot1989 lancelot1989 Dec 18, 2024

Yes, so in the previous implementation, the jmx-exporter will be able to sudo. Now it can't.

If jmx-exporter needs AllowPrivilegeEscalation, I can define another value for it.

Contributor Author

Using a separate value for the exporter's securityContext.
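
The distinction this review thread turns on (an unset allowPrivilegeEscalation is not the same as false), shown as an added example that is not code from this PR or from kubeblocks-addons: a Go check that lists the containers in a Pod manifest where the field is unset or true. The manifest and the container names other than jmx-exporter are constructed; initContainers and the privileged / CAP_SYS_ADMIN cases are outside what it checks.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Minimal subset of the Pod schema; pointer fields keep "unset" distinct from "false".
type securityContext struct {
	AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty"`
	RunAsNonRoot             *bool `json:"runAsNonRoot,omitempty"`
}

type container struct {
	Name            string           `json:"name"`
	SecurityContext *securityContext `json:"securityContext,omitempty"`
}

type pod struct {
	Spec struct {
		Containers []container `json:"containers"`
	} `json:"spec"`
}

// Constructed sample: the manifest is hypothetical, only the names echo the thread.
const samplePod = `{"spec":{"containers":[
 {"name":"kafka","securityContext":{"runAsNonRoot":true,"allowPrivilegeEscalation":false}},
 {"name":"jmx-exporter","securityContext":{"runAsNonRoot":true}},
 {"name":"legacy-sidecar"}]}}`

// EscalationAllowed returns the containers whose processes may still gain
// privileges: the field is explicitly true, or left unset (not restricted).
func EscalationAllowed(manifest string) ([]string, error) {
	var p pod
	if err := json.Unmarshal([]byte(manifest), &p); err != nil {
		return nil, err
	}
	var out []string
	for _, c := range p.Spec.Containers {
		sc := c.SecurityContext
		if sc == nil || sc.AllowPrivilegeEscalation == nil || *sc.AllowPrivilegeEscalation {
			out = append(out, c.Name)
		}
	}
	return out, nil
}

func main() {
	names, err := EscalationAllowed(samplePod)
	fmt.Println(names, err)
}
```

Setting runAsNonRoot: true alone does not remove a container from this list, which is why the exporter needs its own explicit value.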

Contributor

zjx20 commented Dec 26, 2024

@caiq1nyu please take a look.

caiq1nyu previously approved these changes Jan 15, 2025
@zjx20 zjx20 merged commit ec44453 into apecloud:main Jan 22, 2025
16 checks passed
Contributor

zjx20 commented Jan 22, 2025

/cherry-pick release-1.0-beta

apecloud-bot pushed a commit that referenced this pull request Jan 22, 2025
Co-authored-by: lancelot1989 <[email protected]>
(cherry picked from commit ec44453)
Collaborator

🤖 says: cherry pick action finished successfully 🎉!
See: https://github.com/apecloud/kubeblocks-addons/actions/runs/12899880946

Successfully merging this pull request may close these issues.

[Improvement]support custom securityContext for kafka-addon