Skip to content

Commit 4317942

Browse files
lfranckelfrancke
committed
Remove hardcoded uid and gid, they'll default to the ones from the docker images now
1 parent ca4ff00 commit 4317942

File tree

2 files changed

+6
-8
lines changed

2 files changed

+6
-8
lines changed

CHANGELOG.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,10 @@ All notable changes to this project will be documented in this file.
2323
of having the operator write it to the vector config ([#704]).
2424
- test: Bump to Vector `0.46.1` ([#719]).
2525
- test: Bump OPA to `1.4.2` ([#721]).
26+
- BREAKING: Previously this operator would hardcode the UID and GID of the Pods being created to 1000/0, this has changed now ([#718])
27+
- The `runAsUser` and `runAsGroup` fields will not be set anymore by the operator
28+
- The defaults from the docker images itself will now apply, which will be different from 1000/0 going forward
29+
- This is marked as breaking because tools and policies might exist, which require these fields to be set
2630

2731
### Fixed
2832

@@ -39,6 +43,7 @@ All notable changes to this project will be documented in this file.
3943
[#710]: https://github.com/stackabletech/druid-operator/pull/710
4044
[#714]: https://github.com/stackabletech/druid-operator/pull/714
4145
[#716]: https://github.com/stackabletech/druid-operator/pull/716
46+
[#718]: https://github.com/stackabletech/druid-operator/pull/718
4247
[#719]: https://github.com/stackabletech/druid-operator/pull/719
4348
[#721]: https://github.com/stackabletech/druid-operator/pull/721
4449

rust/operator-binary/src/druid_controller.rs

Lines changed: 1 addition & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -88,7 +88,6 @@ use crate::{
8888
pub const DRUID_CONTROLLER_NAME: &str = "druidcluster";
8989
pub const FULL_CONTROLLER_NAME: &str = concatcp!(DRUID_CONTROLLER_NAME, '.', OPERATOR_NAME);
9090

91-
const DRUID_UID: i64 = 1000;
9291
const DOCKER_IMAGE_BASE_NAME: &str = "druid";
9392

9493
// volume names
@@ -1138,13 +1137,7 @@ fn build_rolegroup_statefulset(
11381137
.add_container(cb_druid.build())
11391138
.metadata(metadata)
11401139
.service_account_name(service_account.name_any())
1141-
.security_context(
1142-
PodSecurityContextBuilder::new()
1143-
.run_as_user(DRUID_UID)
1144-
.run_as_group(0)
1145-
.fs_group(1000)
1146-
.build(),
1147-
);
1140+
.security_context(PodSecurityContextBuilder::new().fs_group(1000).build());
11481141

11491142
if merged_rolegroup_config.logging.enable_vector_agent {
11501143
match &druid.spec.cluster_config.vector_aggregator_config_map_name {

0 commit comments

Comments
 (0)