From 7861e111e1106d7de5d90a2e46b0f010866819f7 Mon Sep 17 00:00:00 2001 From: kgcarr Date: Wed, 17 Nov 2021 09:04:43 -0600 Subject: [PATCH] Fix runasuser kgcarr (#255) * Trigger build with new base image * Bump up version * Trigger build with new base image * Update version.go * Update manager.yaml * Update ibm-mongodb-operator.clusterserviceversion.yaml * Update ibm-mongodb-operator.clusterserviceversion.yaml * Trigger build with new base image * first test * code format * update logic Co-authored-by: Travis CI User Co-authored-by: Ashwini Palankar Co-authored-by: ash007-ibm <81858297+ash007-ibm@users.noreply.github.com> --- ...m-mongodb-operator.clusterserviceversion.yaml | 2 +- controllers/mongodb_controller.go | 16 ++++++++++++++++ controllers/statefulset.go | 4 +++- 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/bundle/manifests/ibm-mongodb-operator.clusterserviceversion.yaml b/bundle/manifests/ibm-mongodb-operator.clusterserviceversion.yaml index f0748195..37e4a6ab 100644 --- a/bundle/manifests/ibm-mongodb-operator.clusterserviceversion.yaml +++ b/bundle/manifests/ibm-mongodb-operator.clusterserviceversion.yaml @@ -164,7 +164,7 @@ spec: - get - list - watch - serviceAccountName: ibm-mongodb-operator + serviceAccountName: ibm-mongodb-operator deployments: - name: ibm-mongodb-operator spec: diff --git a/controllers/mongodb_controller.go b/controllers/mongodb_controller.go index f40444ff..9f24ac71 100644 --- a/controllers/mongodb_controller.go +++ b/controllers/mongodb_controller.go @@ -76,6 +76,7 @@ type mongoDBStatefulSetData struct { StsLabels map[string]string PodLabels map[string]string PVCSize string + UserId int } // +kubebuilder:rbac:groups=mongodb.operator.ibm.com,namespace=ibm-common-services,resources=mongodbs,verbs=get;list;watch;create;update;patch;delete 
@@ -319,6 +320,20 @@ func (r *MongoDBReconciler) Reconcile(request ctrl.Request) (ctrl.Result, error) } } + // Select User to use + cppConfig := &corev1.ConfigMap{} + err = r.Client.Get(context.TODO(), types.NamespacedName{Name: "ibm-cpp-config", Namespace: instance.Namespace}, cppConfig) + if err != nil { + return reconcile.Result{}, err + } + + uid := 0 + if clusterType, exists := cppConfig.Data["kubernetes_cluster_type"]; exists { + if clusterType != "ocp" { + uid = 1000 + } + } + // Check if statefulset already exists sts := &appsv1.StatefulSet{} var stsLabels map[string]string @@ -389,6 +404,7 @@ func (r *MongoDBReconciler) Reconcile(request ctrl.Request) (ctrl.Result, error) StsLabels: stsLabels, PodLabels: podLabels, PVCSize: PVCSizeRequest, + UserId: uid, } var stsYaml bytes.Buffer diff --git a/controllers/statefulset.go b/controllers/statefulset.go index 23ae1a45..74c89a6e 100644 --- a/controllers/statefulset.go +++ b/controllers/statefulset.go @@ -49,8 +49,10 @@ spec: clusterhealth.ibm.com/dependencies: {{ .NamespaceName }}.cert-manager spec: serviceAccountName: ibm-mongodb-operand + {{ if eq .UserId 1000 }} securityContext: - runAsUser: 1000 + runAsUser: {{ .UserId }} + {{ end }} terminationGracePeriodSeconds: 30 hostNetwork: false hostPID: false
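Review bot: The default in the added "Select User to use" block fails open: `uid := 0` is kept whenever `kubernetes_cluster_type` is absent from `ibm-cpp-config`, and because the StatefulSet template only emits `runAsUser` for 1000, a non-OCP cluster with that key missing gets no pod-level `runAsUser`, so the container runs as whatever user the image declares (possibly root; the image is not visible here). Consider inverting it so that only an explicit match drops the setting, `uid := 1000` followed by `if cppConfig.Data["kubernetes_cluster_type"] == "ocp" { uid = 0 }`. Using 0 as the "not set" sentinel is also easy to misread because 0 is root's UID, so a bool field, or at least a comment on the `UserId` field added in the first hunk of this file, would make the intent explicit. Separately, any `Get` error, including NotFound, now aborts every reconcile, so the operator depends on this ConfigMap existing and on RBAC that allows reading it, neither of which is shown in this patch. Reconcile's body starts and ends outside the hunk.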
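Review bot: In controllers/statefulset.go the guard `{{ if eq .UserId 1000 }}` hard-codes the very value that `{{ .UserId }}` is meant to parameterise, so any non-zero UID other than 1000 would silently render no `securityContext` at all; `{{ if .UserId }}` (or `{{ if ne .UserId 0 }}`) keeps the template and the controller in agreement. On the branch where the block is omitted, nothing in this hunk prevents the pod from running as root. It would be safer to always emit `securityContext:` with `runAsNonRoot: true` and make only the `runAsUser: {{ .UserId }}` line conditional, assuming the image's user is numeric and non-root. The template string continues outside the hunk, so container-level settings may already cover part of this.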