Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add securityContext to the user-supplied containers #390

Merged
merged 1 commit into from
Mar 16, 2022
Merged

Add securityContext to the user-supplied containers #390

merged 1 commit into from
Mar 16, 2022

Conversation

masa213f
Copy link
Contributor

@masa213f masa213f commented Mar 16, 2022
edited by ymmt2005
Loading

moco v0.11.0 introduced a bug that it did not set runAsUser and runAsGroup in the user-supplied containers.
In an environment that Pods are restricted to run as a non-root user, this would prevent running mysql pods.

https://kubernetes.io/docs/concepts/policy/pod-security-policy/#users-and-groups
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted

Signed-off-by: Masayuki Ishii masa213f@gmail.com

@masa213f masa213f self-assigned this Mar 16, 2022
ymmt2005
ymmt2005 previously approved these changes Mar 16, 2022
View reviewed changes
Copy link
Member

@ymmt2005 ymmt2005 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.
Please describe the bug to be fixed by this in the PR description.

@masa213f masa213f marked this pull request as ready for review March 16, 2022 07:00
@masa213f
Add securityContext to the user-specified containers
2a8e4dd 
Signed-off-by: Masayuki Ishii <masa213f@gmail.com>
@masa213f masa213f requested a review from ymmt2005 March 16, 2022 07:32
@masa213f
Copy link
Contributor Author

@ymmt2005
Thank you. Could you check the description and approve again?

ymmt2005
ymmt2005 approved these changes Mar 16, 2022
View reviewed changes
Copy link
Member

@ymmt2005 ymmt2005 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ymmt2005 ymmt2005 merged commit c7f912f into main Mar 16, 2022
@ymmt2005 ymmt2005 deleted the securityContext branch March 16, 2022 07:36
@ymmt2005 ymmt2005 added the bug Something isn't working label Mar 16, 2022
@ymmt2005
Copy link
Member

@masa213f
This is a regression. As such, I rewrote the description and added "bug" label.
Please mark this as a bug in CHANGELOG when you cut the next release.

@ymmt2005 ymmt2005 changed the title Add securityContext to the user-specified containers Add securityContext to the user-supplied containers Mar 16, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ymmt2005 ymmt2005 ymmt2005 approved these changes

Assignees

@masa213f masa213f

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@masa213f @ymmt2005