Merge remote-tracking branch 'origin/main' into chore/versioned-common-structs

NickLarsenNZ · NickLarsenNZ · commit 2539dc1ab424 · 2025-05-22T15:16:33.000+02:00
diff --git a/.github/workflows/pr_pre-commit.yaml b/.github/workflows/pr_pre-commit.yaml
@@ -3,6 +3,7 @@ name: pre-commit
 
 on:
   pull_request:
+  merge_group:
 
 env:
   CARGO_TERM_COLOR: always
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -68,7 +68,7 @@ repos:
         language: system
         entry: make regenerate-nix
         stages: [pre-commit, pre-merge-commit]
-        pass_filename: false
+        pass_filenames: false
         files: Cargo\.lock
 
       - id: cargo-test
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -22,6 +22,10 @@ All notable changes to this project will be documented in this file.
 - BREAKING: Inject the vector aggregator address into the vector config using the env var `VECTOR_AGGREGATOR_ADDRESS` instead
     of having the operator write it to the vector config ([#671]).
 - test: Bump to Vector `0.46.1` ([#677]).
+- BREAKING: Previously this operator would hardcode the UID and GID of the Pods being created to 1000/0, this has changed now ([#683])
+  - The `runAsUser` and `runAsGroup` fields will not be set anymore by the operator
+  - The defaults from the docker images itself will now apply, which will be different from 1000/0 going forward
+  - This is marked as breaking because tools and policies might exist, which require these fields to be set
 - Use versioned common structs ([#684]).
 
 ### Fixed
@@ -40,6 +44,7 @@ All notable changes to this project will be documented in this file.
 [#672]: https://github.com/stackabletech/hdfs-operator/pull/672
 [#675]: https://github.com/stackabletech/hdfs-operator/pull/675
 [#677]: https://github.com/stackabletech/hdfs-operator/pull/677
+[#683]: https://github.com/stackabletech/hdfs-operator/pull/683
 [#684]: https://github.com/stackabletech/hdfs-operator/pull/684
 
 ## [25.3.0] - 2025-03-21
diff --git a/nix/sources.json b/nix/sources.json
diff --git a/rust/operator-binary/src/crd/constants.rs b/rust/operator-binary/src/crd/constants.rs
@@ -82,5 +82,3 @@ pub const DATANODE_ROOT_DATA_DIR_SUFFIX: &str = "/datanode";
 
 pub const LISTENER_VOLUME_NAME: &str = "listener";
 pub const LISTENER_VOLUME_DIR: &str = "/stackable/listener";
-
-pub const HDFS_UID: i64 = 1000;
diff --git a/rust/operator-binary/src/hdfs_controller.rs b/rust/operator-binary/src/hdfs_controller.rs
@@ -827,13 +827,7 @@ fn rolegroup_statefulset(
         .image_pull_secrets_from_product_image(resolved_product_image)
         .affinity(&merged_config.affinity)
         .service_account_name(service_account.name_any())
-        .security_context(
-            PodSecurityContextBuilder::new()
-                .run_as_user(HDFS_UID)
-                .run_as_group(0)
-                .fs_group(1000)
-                .build(),
-        );
+        .security_context(PodSecurityContextBuilder::new().fs_group(1000).build());
 
     // Adds all containers and volumes to the pod builder
     // We must use the selector labels ("rolegroup_selector_labels") and not the recommended labels
diff --git a/tests/templates/kuttl/kerberos/11-install-opa.yaml.j2 b/tests/templates/kuttl/kerberos/11-install-opa.yaml.j2
@@ -5,7 +5,13 @@ metadata:
   name: opa
 spec:
   image:
+{% if test_scenario['values']['opa'].find(",") > 0 %}
+    custom: "{{ test_scenario['values']['opa'].split(',')[1] }}"
+    productVersion: "{{ test_scenario['values']['opa'].split(',')[0] }}"
+{% else %}
     productVersion: "{{ test_scenario['values']['opa'] }}"
+{% endif %}
+    pullPolicy: IfNotPresent
   servers:
     roleGroups:
       default: {}
diff --git a/tests/templates/kuttl/kerberos/30-access-hdfs.txt.j2 b/tests/templates/kuttl/kerberos/30-access-hdfs.txt.j2
@@ -86,6 +86,4 @@ spec:
                     storage: "1"
       securityContext:
         fsGroup: 1000
-        runAsGroup: 1000
-        runAsUser: 1000
       restartPolicy: OnFailure
diff --git a/tests/templates/kuttl/kerberos/32-check-file.txt.j2 b/tests/templates/kuttl/kerberos/32-check-file.txt.j2
@@ -58,6 +58,4 @@ spec:
                     storage: "1"
       securityContext:
         fsGroup: 1000
-        runAsGroup: 1000
-        runAsUser: 1000
       restartPolicy: OnFailure
diff --git a/tests/templates/kuttl/topology-provider/20-access-hdfs.yaml.j2 b/tests/templates/kuttl/topology-provider/20-access-hdfs.yaml.j2
@@ -64,7 +64,5 @@ commands:
                           storage: "1"
             securityContext:
               fsGroup: 1000
-              runAsGroup: 1000
-              runAsUser: 1000
             restartPolicy: OnFailure
       EOF
diff --git a/tests/test-definition.yaml b/tests/test-definition.yaml
@@ -24,7 +24,7 @@ dimensions:
       - 1.21.1
   - name: opa
     values:
-      - 1.0.1
+      - 1.4.2
   - name: number-of-datanodes
     values:
       - "1"
