Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing securityContext Properties on CRD #94

Closed
numbnut opened this issue Sep 9, 2021 · 6 comments
Closed

Missing securityContext Properties on CRD #94

numbnut opened this issue Sep 9, 2021 · 6 comments

Comments

@numbnut
Copy link

numbnut commented Sep 9, 2021
edited
Loading

I have some problems migrating from the GoogleCloudPlatform/flink-on-k8s-operator. It looks like certain properties just vanished from the CRD. Please take a look at the following list.

taskManager / jobManager / image / job

  1. securityContext.privileged
  2. securityContext.allowPrivilegeEscalation
  3. securityContext.readOnlyRootFilesystem
  4. securityContext.capabilities

I checked the CRD, whether the properties may have been relocated, but I wasn't able to find them in a different place. Is there a reason for removing them? Please let me know, when something is missing to further assist the investigations.
Thank you very much!
@regadas
Copy link
Contributor

regadas commented Sep 10, 2021

Hi @numbnut not sure if I understand this; They are present in the CRD.

@numbnut
Copy link
Author

numbnut commented Sep 14, 2021

Hi @regadas , thanks for the feedback. I will check again and come back to you. Maybe I managed to deploy a broken CRD.

@regadas
Copy link
Contributor

regadas commented Sep 14, 2021

No worries; we are actually improving the deployment process.

@numbnut numbnut mentioned this issue Sep 21, 2021
Closed
@numbnut numbnut changed the title Missing securityContext and other properties on CRDs Missing securityContext Properties on CRD Sep 21, 2021
@numbnut
Copy link
Author

numbnut commented Sep 21, 2021

Hi @regadas ,
I checked it and you where right about the securityContext. It is existing, but some sub properties are missing. I changed the description and only listed the missing ones. Can you say something about why they have been removed. With the GCP Operator they where working fine. Let me add them here as well.

taskManager / jobManager / image / job

    securityContext.privileged
    securityContext.allowPrivilegeEscalation
    securityContext.readOnlyRootFilesystem
    securityContext.capabilities

@acherla
Copy link

acherla commented Jan 19, 2022
edited
Loading

Upping this issue as we are seeing the same issue on our end as well with the latest v0.3.5 release. These seem to be configured in the CRD spec but they are not being picked up when configuring them via the FlinkCluster spec

apiVersion: flinkoperator.k8s.io/v1beta1
kind: FlinkCluster
metadata:
  name: flinkjobcluster-sample
spec:
  flinkVersion: "1.14"
  image:
    name: flink:1.14.2
  jobManager:
    accessScope: Cluster
    securityContext:
      runAsNonRoot: true
      runAsUser: 1000
      runAsGroup: 1000
      privileged: false
    ports:
      ui: 8081
    resources:
      limits:
        memory: "2048Mi"
        cpu: "500m"
  taskManager:
    replicas: 2
    securityContext:
      runAsNonRoot: true
      runAsUser: 1000
      runAsGroup: 1000
      privileged: false
    resources:
      limits:
        memory: "2048Mi"
        cpu: "500m"
  job:
    jarFile: ./examples/streaming/WordCount.jar
    className: org.apache.flink.streaming.examples.wordcount.WordCount
    args: ["--input", "./README.txt"]
    parallelism: 2
    restartPolicy: Never
    securityContext:
      runAsNonRoot: true
      runAsUser: 1000
      runAsGroup: 1000
      privileged: false
  flinkProperties:
    taskmanager.numberOfTaskSlots: "1"

@regadas
Copy link
Contributor

regadas commented Apr 12, 2022

Closing this issue in favor of #241 which outlines why these properties are missing.

@regadas regadas closed this as completed Apr 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@regadas @numbnut @acherla