-
Notifications
You must be signed in to change notification settings - Fork 67
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature] add runAsNonRoot filed #195
Conversation
7df17ae
to
624a001
Compare
Signed-off-by: yandongxiao <[email protected]>
624a001
to
e1a02fc
Compare
@@ -84,6 +85,11 @@ type StarRocksComponentSpec struct { | |||
// serviceAccount for access cloud service. | |||
ServiceAccount string `json:"serviceAccount,omitempty"` | |||
|
|||
// RunAsGroup is used to determine whether to run starrocks as a normal user. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fix the comment, it is RunAsNonRoot
, not RunAsGroup
@@ -191,6 +194,9 @@ starrocksCnSpec: | |||
serviceAccount: "" | |||
# add annotations for cn pods. example, if you want to config monitor for datadog, you can config the annotations. | |||
annotations: {} | |||
# If runAsNonRoot is true, the container is run as non-root user. | |||
# The userId will be set to 1000, and the groupID will be set to 1000. | |||
runAsNonRoot: false |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
does this configuration overwrite fsGroup
? or we won't use fsGroup
any more?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, they both are used to control different part in security context
Signed-off-by: yandongxiao <[email protected]>
Signed-off-by: yandongxiao <[email protected]>
Signed-off-by: yandongxiao <[email protected]>
Co-authored-by: Kevin Cai <[email protected]> Signed-off-by: yandongxiao <[email protected]>
e6f2e96
to
aa3aa04
Compare
No description provided.