[Feature] add runAsNonRoot filed #195
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
yandongxiao
force-pushed
the
feature/run-as-user
branch
2 times, most recently
from
7df17ae
to
624a001
Compare
Signed-off-by: yandongxiao <[email protected]>
yandongxiao
force-pushed
the
feature/run-as-user
branch
from
624a001
to
e1a02fc
Compare
yandongxiao
changed the title
kevincai
reviewed
Jul 26, 2023
| @@ -84,6 +85,11 @@ type StarRocksComponentSpec struct { | |||
| // serviceAccount for access cloud service. | |||
| ServiceAccount string `json:"serviceAccount,omitempty"` | |||
|
|
|||
| // RunAsGroup is used to determine whether to run starrocks as a normal user. | |||
There was a problem hiding this comment.
fix the comment, it is RunAsNonRoot, not RunAsGroup
kevincai
reviewed
Jul 26, 2023
| @@ -191,6 +194,9 @@ starrocksCnSpec: | |||
| serviceAccount: "" | |||
| # add annotations for cn pods. example, if you want to config monitor for datadog, you can config the annotations. | |||
| annotations: {} | |||
| # If runAsNonRoot is true, the container is run as non-root user. | |||
| # The userId will be set to 1000, and the groupID will be set to 1000. | |||
| runAsNonRoot: false | |||
There was a problem hiding this comment.
does this configuration overwrite fsGroup? or we won't use fsGroup any more?
There was a problem hiding this comment.
No, they both are used to control different part in security context
Signed-off-by: yandongxiao <[email protected]>
Signed-off-by: yandongxiao <[email protected]>
Signed-off-by: yandongxiao <[email protected]>
kevincai
reviewed
Jul 27, 2023
kevincai
previously approved these changes
Jul 27, 2023
Co-authored-by: Kevin Cai <[email protected]> Signed-off-by: yandongxiao <[email protected]>
yandongxiao
force-pushed
the
feature/run-as-user
branch
from
e6f2e96
to
aa3aa04
Compare
kevincai
approved these changes
Jul 27, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.