Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(735): allow setting fluentd PodSecurityContext #744

Merged
merged 1 commit into from
May 28, 2023
Merged

fix(735): allow setting fluentd PodSecurityContext #744

merged 1 commit into from
May 28, 2023

Conversation

erhudy
Copy link
Contributor

@erhudy erhudy commented May 21, 2023
edited
Loading

This adds fsGroup as a field that can be set in the CRD and sets it to the kubesphere fluentd image default of 101 if not explicitly configured.

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #735

Does this PR introduced a user-facing change?

Allows setting fsGroup for fluentd pods. Defaults to 101 (matching the kubesphere fluentd image) if not explicitly specified.

Additional documentation, usage docs, etc.:

@erhudy erhudy force-pushed the set-sts-fsgroup branch from 96d53a5 to 0a080a3 Compare May 21, 2023 15:30
@erhudy erhudy mentioned this pull request May 21, 2023
Closed
benjaminhuo
benjaminhuo reviewed May 22, 2023
View reviewed changes
apis/fluentd/v1alpha1/fluentd_types.go Outdated
@@ -86,6 +86,8 @@ type FluentdSpec struct {
VolumeClaimTemplates []corev1.PersistentVolumeClaim `json:"volumeClaimTemplates,omitempty"`
// Service represents configurations on the fluentd service.
Service FluentDService `json:"service,omitempty"`
// FSGroup represents the fsGroup that will be used in the fluentd PodSecurityContext.
FSGroup *int64 `json:"fsGroup,omitempty"`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@erhudy Thanks for the contribution.

I think we need to add SecurityContext field here just like fluentbit does:
https://github.com/fluent/fluent-operator/blob/master/apis/fluentbit/v1alpha2/fluentbit_types.go#L77

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@benjaminhuo updated, sorry for the delay.

@erhudy erhudy force-pushed the set-sts-fsgroup branch 2 times, most recently from b2d1f58 to 9829add Compare May 27, 2023 20:12
@erhudy erhudy changed the title fix(735): allow setting fsGroup for fluentd PodSecurityContext fix(735): allow setting fluentd PodSecurityContext May 27, 2023
@erhudy
fix(735): allow setting PodSecurityContext
9896dec 
This allows setting the PodSecurityContext for the fluentd pods.
If unset, defaults to a PSC with fsGroup=101 (matching
the kubesphere fluentd images).

Signed-off-by: Edmund Rhudy <[email protected]>
@erhudy erhudy force-pushed the set-sts-fsgroup branch from 9829add to 9896dec Compare May 27, 2023 20:13
@benjaminhuo
Copy link
Member

@erhudy Thank you!

@benjaminhuo benjaminhuo merged commit 002f369 into fluent:master May 28, 2023
@erhudy erhudy deleted the set-sts-fsgroup branch May 30, 2023 16:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benjaminhuo benjaminhuo benjaminhuo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

bug: EACCES error="Permission denied @ dir_s_mkdir
2 participants
@erhudy @benjaminhuo