Tags: yugabyte/charts
Tags
[PLAT-17919]Don't run the otel_collector as root always Summary: This change adds OpenShift compatibility to the Helm chart by conditionally disabling securityContext injection based on a new ocpCompatibility.enabled flag in values.yaml. There are 3 possible cases for universe deployment - Running pods with root access -> otel container also needs root - Running pods with non-root user (using podSecurityContext) -> otel container should use the same user/group - Running on OCP cluster (No securityContext at all) -> otel container should not have any security context Updating the image for initContainers with the YBDB image Test Plan: Tested the following cases - - Create a vanilla k8s universe -> enable audit logs -> otel-container uses root user - Create a universe with non-root user -> enable audit logs -> otel-container uses the user for securityContext - Create a openshiftUniverse -> (set ocpCompatibility.enabled to true) -> otel-container doesn't specify any securityContext Reviewers: vkumar, anijhawan, sneelakantan Reviewed By: vkumar Subscribers: yugaware Differential Revision: https://phorge.dev.yugabyte 10000 .com/D44958
[PLAT-17919]Don't run the otel_collector as root always Summary: This change adds OpenShift compatibility to the Helm chart by conditionally disabling securityContext injection based on a new ocpCompatibility.enabled flag in values.yaml. There are 3 possible cases for universe deployment - Running pods with root access -> otel container also needs root - Running pods with non-root user (using podSecurityContext) -> otel container should use the same user/group - Running on OCP cluster (No securityContext at all) -> otel container should not have any security context Updating the image for initContainers with the YBDB image Test Plan: Tested the following cases - - Create a vanilla k8s universe -> enable audit logs -> otel-container uses root user - Create a universe with non-root user -> enable audit logs -> otel-container uses the user for securityContext - Create a openshiftUniverse -> (set ocpCompatibility.enabled to true) -> otel-container doesn't specify any securityContext Reviewers: vkumar, anijhawan, sneelakantan Reviewed By: vkumar Subscribers: yugaware Differential Revision: https://phorge.dev.yugabyte.com/D44958
[PLAT-17919]Don't run the otel_collector as root always Summary: This change adds OpenShift compatibility to the Helm chart by conditionally disabling securityContext injection based on a new ocpCompatibility.enabled flag in values.yaml. There are 3 possible cases for universe deployment - Running pods with root access -> otel container also needs root - Running pods with non-root user (using podSecurityContext) -> otel container should use the same user/group - Running on OCP cluster (No securityContext at all) -> otel container should not have any security context Updating the image for initContainers with the YBDB image Test Plan: Tested the following cases - - Create a vanilla k8s universe -> enable audit logs -> otel-container uses root user - Create a universe with non-root user -> enable audit logs -> otel-container uses the user for securityContext - Create a openshiftUniverse -> (set ocpCompatibility.enabled to true) -> otel-container doesn't specify any securityContext Reviewers: vkumar, anijhawan, sneelakantan Reviewed By: vkumar Subscribers: yugaware Differential Revision: https://phorge.dev.yugabyte.com/D44958
[PLAT-17919]Don't run the otel_collector as root always Summary: This change adds OpenShift compatibility to the Helm chart by conditionally disabling securityContext injection based on a new ocpCompatibility.enabled flag in values.yaml. There are 3 possible cases for universe deployment - Running pods with root access -> otel container also needs root - Running pods with non-root user (using podSecurityContext) -> otel container should use the same user/group - Running on OCP cluster (No securityContext at all) -> otel container should not have any security context Updating the image for initContainers with the YBDB image Test Plan: Tested the following cases - - Create a vanilla k8s universe -> enable audit logs -> otel-container uses root user - Create a universe with non-root user -> enable audit logs -> otel-container uses the user for securityContext - Create a openshiftUniverse -> (set ocpCompatibility.enabled to true) -> otel-container doesn't specify any securityContext Reviewers: vkumar, anijhawan, sneelakantan Reviewed By: vkumar Subscribers: yugaware Differential Revision: https://phorge.dev.yugabyte.com/D44958
[PLAT-17919]Don't run the otel_collector as root always Summary: This change adds OpenShift compatibility to the Helm chart by conditionally disabling securityContext injection based on a new ocpCompatibility.enabled flag in values.yaml. There are 3 possible cases for universe deployment - Running pods with root access -> otel container also needs root - Running pods with non-root user (using podSecurityContext) -> otel container should use the same user/group - Running on OCP cluster (No securityContext at all) -> otel container should not have any security context Updating the image for initContainers with the YBDB image Test Plan: Tested the following cases - - Create a vanilla k8s universe -> enable audit logs -> otel-container uses root user - Create a universe with non-root user -> enable audit logs -> otel-container uses the user for securityContext - Create a openshiftUniverse -> (set ocpCompatibility.enabled to true) -> otel-container doesn't specify any securityContext Reviewers: vkumar, anijhawan, sneelakantan Reviewed By: vkumar Subscribers: yugaware Differential Revision: https://phorge.dev.yugabyte.com/D44958
[PLAT-17919]Don't run the otel_collector as root always Summary: This change adds OpenShift compatibility to the Helm chart by conditionally disabling securityContext injection based on a new ocpCompatibility.enabled flag in values.yaml. There are 3 possible cases for universe deployment - Running pods with root access -> otel container also needs root - Running pods with non-root user (using podSecurityContext) -> otel container should use the same user/group - Running on OCP cluster (No securityContext at all) -> otel container should not have any security context Updating the image for initContainers with the YBDB image Test Plan: Tested the following cases - - Create a vanilla k8s universe -> enable audit logs -> otel-container uses root user - Create a universe with non-root user -> enable audit logs -> otel-container uses the user for securityContext - Create a openshiftUniverse -> (set ocpCompatibility.enabled to true) -> otel-container doesn't specify any securityContext Reviewers: vkumar, anijhawan, sneelakantan Reviewed By: vkumar Subscribers: yugaware Differential Revision: https://phorge.dev.yugabyte.com/D44958
[PLAT-17919]Don't run the otel_collector as root always Summary: This change adds OpenShift compatibility to the Helm chart by conditionally disabling securityContext injection based on a new ocpCompatibility.enabled flag in values.yaml. There are 3 possible cases for universe deployment - Running pods with root access -> otel container also needs root - Running pods with non-root user (using podSecurityContext) -> otel container should use the same user/group - Running on OCP cluster (No securityContext at all) -> otel container should not have any security context Updating the image for initContainers with the YBDB image Test Plan: Tested the following cases - - Create a vanilla k8s universe -> enable audit logs -> otel-container uses root user - Create a universe with non-root user -> enable audit logs -> otel-container uses the user for securityContext - Create a openshiftUniverse -> (set ocpCompatibility.enabled to true) -> otel-container doesn't specify any securityContext Reviewers: vkumar, anijhawan, sneelakantan Reviewed By: vkumar Subscribers: yugaware Differential Revision: https://phorge.dev.yugabyte.com/D44958
[PLAT-17919]Don't run the otel_collector as root always Summary: This change adds OpenShift compatibility to the Helm chart by conditionally disabling securityContext injection based on a new ocpCompatibility.enabled flag in values.yaml. There are 3 possible cases for universe deployment - Running pods with root access -> otel container also needs root - Running pods with non-root user (using podSecurityContext) -> otel container should use the same user/group - Running on OCP cluster (No securityContext at all) -> otel container should not have any security context Updating the image for initContainers with the YBDB image Test Plan: Tested the following cases - - Create a vanilla k8s universe -> enable audit logs -> otel-container uses root user - Create a universe with non-root user -> enable audit logs -> otel-container uses the user for securityContext - Create a openshiftUniverse -> (set ocpCompatibility.enabled to true) -> otel-container doesn't specify any securityContext Reviewers: vkumar, anijhawan, sneelakantan Reviewed By: vkumar Subscribers: yugaware Differential Revision: https://phorge.dev.yugabyte.com/D44958
[PLAT-17919]Don't run the otel_collector as root always Summary: This change adds OpenShift compatibility to the Helm chart by conditionally disabling securityContext injection based on a new ocpCompatibility.enabled flag in values.yaml. There are 3 possible cases for universe deployment - Running pods with root access -> otel container also needs root - Running pods with non-root user (using podSecurityContext) -> otel container should use the same user/group - Running on OCP cluster (No securityContext at all) -> otel container should not have any security context Updating the image for initContainers with the YBDB image Test Plan: Tested the following cases - - Create a vanilla k8s universe -> enable audit logs -> otel-container uses root user - Create a universe with non-root user -> enable audit logs -> otel-container uses the user for securityContext - Create a openshiftUniverse -> (set ocpCompatibility.enabled to true) -> otel-container doesn't specify any securityContext Reviewers: vkumar, anijhawan, sneelakantan Reviewed By: vkumar Subscribers: yugaware Differential Revision: https://phorge.dev.yugabyte.com/D44958
[PLAT-17919]Don't run the otel_collector as root always Summary: This change adds OpenShift compatibility to the Helm chart by conditionally disabling securityContext injection based on a new ocpCompatibility.enabled flag in values.yaml. There are 3 possible cases for universe deployment - Running pods with root access -> otel container also needs root - Running pods with non-root user (using podSecurityContext) -> otel container should use the same user/group - Running on OCP cluster (No securityContext at all) -> otel container should not have any security context Updating the image for initContainers with the YBDB image Test Plan: Tested the following cases - - Create a vanilla k8s universe -> enable audit logs -> otel-container uses root user - Create a universe with non-root user -> enable audit logs -> otel-container uses the user for securityContext - Create a openshiftUniverse -> (set ocpCompatibility.enabled to true) -> otel-container doesn't specify any securityContext Reviewers: vkumar, anijhawan, sneelakantan Reviewed By: vkumar Subscribers: yugaware Differential Revision: https://phorge.dev.yugabyte.com/D44958
PreviousNext