Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow customizing security context #332

Merged
merged 1 commit into from
Jul 6, 2021
Merged

Allow customizing security context #332

merged 1 commit into from
Jul 6, 2021

Conversation

owais
Copy link
Contributor

@owais owais commented Jul 1, 2021

This allows users to customize the container security context settings. It's helpful when some collector features need elevated privileges.

@owais owais requested review from a team and bogdandrutu July 1, 2021 21:48
@owais owais force-pushed the security-context branch from b836b97 to de5e088 Compare July 1, 2021 21:49
owais
owais commented Jul 1, 2021
View reviewed changes
PROJECT Show resolved Hide resolved
@owais owais requested a review from jpkrohling July 1, 2021 21:51
@owais owais force-pushed the security-context branch from de5e088 to 4091a08 Compare July 2, 2021 14:00
jpkrohling
jpkrohling reviewed Jul 2, 2021
View reviewed changes
Copy link
Member

@jpkrohling jpkrohling left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, and is ready to be merged as soon as a unit test is added.

pkg/collector/container.go Outdated
Args: args,
Env: envVars,
Resources: otelcol.Spec.Resources,
SecurityContext: &otelcol.Spec.SecurityContext,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you add a unit test, ensuring that a security context set at the CR will propagate down to the container?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure. Im out for the weekend. Will do on Monday.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Followed existing test for volumes and added a new one for security context. LMK if you think that's enough.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They look good!

Copy link
Contributor

@VineethReddy02 VineethReddy02 Jul 5, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@owais Currently we are manually maintaining the Otelcol spec in this doc to let users know what all options can be configured in the CR. Can you add SecurityContext to this doc?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Totally forgot about the doc... Another reason to automate it as soon as possible :-)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated

@owais owais force-pushed the security-context branch from 4091a08 to e4e62f8 Compare July 4, 2021 22:10
jpkrohling
jpkrohling reviewed Jul 5, 2021
View reviewed changes
api/v1alpha1/opentelemetrycollector_types.go Outdated
// SecurityContext will be set as the container security context
// +optional
// +operator-sdk:gen-csv:customresourcedefinitions.specDescriptors=true
SecurityContext v1.SecurityContext `json:"securityContext,omitempty"`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for catching this only now, but this should be a pointer. Otherwise, we won't know when it's been specified explicitly by the user. We need this signal if we ever decide to change the default value we pass down to the containers.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated

pkg/collector/container.go Outdated
Args: args,
Env: envVars,
Resources: otelcol.Spec.Resources,
SecurityContext: &otelcol.Spec.SecurityContext,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They look good!

@VineethReddy02
Copy link
Contributor

LGTM!

@owais owais force-pushed the security-context branch from e4e62f8 to 8d096cb Compare July 6, 2021 13:40
@owais
Container Security Context
304d692 
Allow setting a custom security context on containers.
@owais owais force-pushed the security-context branch from 8d096cb to 304d692 Compare July 6, 2021 13:41
@jpkrohling jpkrohling merged commit f6a55f6 into open-telemetry:main Jul 6, 2021
@owais owais deleted the security-context branch July 6, 2021 21:03
shree007 pushed a commit to shree007/opentelemetry-operator that referenced this pull request Dec 12, 2021
@owais
Container Security Context (open-telemetry#332)
a25dafd 
Allow setting a custom security context on containers.
ItielOlenick pushed a commit to ItielOlenick/opentelemetry-operator that referenced this pull request May 1, 2024
@owais
Container Security Context (open-telemetry#332)
097330b 
Allow setting a custom security context on containers.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jpkrohling jpkrohling jpkrohling approved these changes

@bogdandrutu bogdandrutu Awaiting requested review from bogdandrutu

@VineethReddy02 VineethReddy02 Awaiting requested review from VineethReddy02

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@owais @VineethReddy02 @jpkrohling