Skip to content

Commit

Permalink
runAsUser SecurityContext not working for windows
Browse files Browse the repository at this point in the history 
Signed-off-by: Dani Louca <[email protected]>
  • Loading branch information
@dloucasfx
dloucasfx committed May 26, 2023
1 parent fdb574c commit 63d29a6
Show file tree
Hide file tree
Showing 33 changed files with 71 additions and 14 deletions.
2 changes: 2 additions & 0 deletions examples/add-receiver-creator/rendered_manifests/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions examples/add-sampler/rendered_manifests/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions examples/collector-all-modes/rendered_manifests/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions examples/collector-all-modes/rendered_manifests/deployment-gateway.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions examples/collector-cluster-receiver-only/rendered_manifests/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions examples/collector-gateway-only/rendered_manifests/deployment-gateway.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions examples/crio-logging/rendered_manifests/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions examples/default/rendered_manifests/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions examples/distribution-aks/rendered_manifests/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions examples/distribution-eks-fargate/rendered_manifests/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,8 @@ spec:
values:
- otel-k8s-cluster-receiver
topologyKey: kubernetes.io/hostname
securityContext:
runAsUser: "0"
initContainers:
- name: cluster-receiver-node-discoverer
image: public.ecr.aws/amazonlinux/amazonlinux:latest
Expand Down
2 changes: 2 additions & 0 deletions examples/distribution-eks-fargate/rendered_manifests/deployment-gateway.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions examples/distribution-eks/rendered_manifests/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions examples/distribution-gke-autopilot/rendered_manifests/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions examples/distribution-gke/rendered_manifests/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions examples/distribution-openshift/rendered_manifests/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions examples/enable-network-explorer/rendered_manifests/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions examples/enable-network-explorer/rendered_manifests/deployment-gateway.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions ...ble-operator-and-auto-instrumentation/rendered_manifests/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions examples/enabled-pprof-extension/rendered_manifests/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions examples/filter-container-metrics/rendered_manifests/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions ...entd-multiline-logs-java-stack-traces/rendered_manifests/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions examples/kubernetes-windows-nodes/rendered_manifests/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: windows
securityContext:
{}
containers:
- name: otel-collector
command:
Expand Down
2 changes: 1 addition & 1 deletion examples/only-logs-otel/rendered_manifests/daemonset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ spec:
image: quay.io/signalfx/splunk-otel-collector:0.76.0
imagePullPolicy: IfNotPresent
securityContext:
runAsUser: 0
runAsUser: "0"
env:
- name: SPLUNK_MEMORY_TOTAL_MIB
value: "500"
Expand Down
2 changes: 1 addition & 1 deletion examples/only-logs-with-extra-file-logs/rendered_manifests/daemonset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ spec:
image: quay.io/signalfx/splunk-otel-collector:0.76.0
imagePullPolicy: IfNotPresent
securityContext:
runAsUser: 0
runAsUser: "0"
env:
- name: SPLUNK_MEMORY_TOTAL_MIB
value: "500"
Expand Down
2 changes: 2 additions & 0 deletions examples/only-metrics-platform/rendered_manifests/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions examples/only-metrics/rendered_manifests/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions ...a-through-gateway-deployed-separately/rendered_manifests/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
2 changes: 2 additions & 0 deletions examples/use-proxy/rendered_manifests/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ spec:
serviceAccountName: default-splunk-otel-collector
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsUser: "0"
containers:
- name: otel-collector
command:
Expand Down
13 changes: 13 additions & 0 deletions helm-charts/splunk-otel-collector/templates/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -428,3 +428,16 @@ Whether clusterReceiver should be enabled
{{- $clusterReceiver := fromYaml (include "splunk-otel-collector.clusterReceiver" .) }}
{{- and $clusterReceiver.enabled (or (eq (include "splunk-otel-collector.metricsEnabled" .) "true") (eq (include "splunk-otel-collector.objectsOrEventsEnabled" .) "true")) -}}
{{- end -}}


{{/*
Build the securityContext for Linux and Windows
*/}}
{{- define "splunk-otel-collector.securityContext" -}}
{{- if .isWindows }}
{{- $_ := unset .securityContext "runAsUser" }}
{{- else if (eq (toString .securityContext.runAsUser) "<nil>") }}
{{- $_ := set .securityContext "runAsUser" 0 }}
{{- end }}
{{- toYaml .securityContext }}
{{- end -}}
6 changes: 1 addition & 5 deletions helm-charts/splunk-otel-collector/templates/daemonset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -251,11 +251,7 @@ spec:
imagePullPolicy: {{ .Values.image.otelcol.pullPolicy }}
{{- if or $agent.securityContext (and (eq (include "splunk-otel-collector.logsEnabled" $) "true") (eq .Values.logsEngine "otel")) }}
securityContext:
{{- if $agent.securityContext }}
{{- toYaml $agent.securityContext | nindent 10 }}
{{- else }}
runAsUser: 0
{{- end }}
{{- include "splunk-otel-collector.securityContext" (dict "isWindows" .Values.isWindows "securityContext" $agent.securityContext) | nindent 10 }}
{{- end }}
env:
- name: SPLUNK_MEMORY_TOTAL_MIB
Expand Down
4 changes: 1 addition & 3 deletions helm-charts/splunk-otel-collector/templates/deployment-cluster-receiver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,10 +77,8 @@ spec:
` }}
{{- $clusterReceiver.affinity | mustMergeOverwrite (fromYaml $clusterReceiverPodAntiAffinity) | toYaml | nindent 8 }}
{{- end }}
{{- if $clusterReceiver.securityContext }}
securityContext:
{{ toYaml $clusterReceiver.securityContext | nindent 8 }}
{{- end }}
{{- include "splunk-otel-collector.securityContext" (dict "isWindows" .Values.isWindows "securityContext" $clusterReceiver.securityContext) | nindent 8 }}
{{- if eq (include "splunk-otel-collector.distribution" .) "eks/fargate" }}
initContainers:
- name: cluster-receiver-node-discoverer
Expand Down
4 changes: 1 addition & 3 deletions helm-charts/splunk-otel-collector/templates/deployment-gateway.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,10 +57,8 @@ spec:
affinity:
{{- toYaml $gateway.affinity | nindent 8 }}
{{- end }}
{{- if $gateway.securityContext }}
securityContext:
{{ toYaml $gateway.securityContext | nindent 8 }}
{{- end }}
{{- include "splunk-otel-collector.securityContext" (dict "isWindows" .Values.isWindows "securityContext" $gateway.securityContext) | nindent 8 }}
containers:
- name: otel-collector
command:
Expand Down
2 changes: 1 addition & 1 deletion helm-charts/splunk-otel-collector/templates/revert-patch-log-dirs-hook.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{{- if or (and (.Values.fluentd.securityContext.runAsUser) (.Values.fluentd.securityContext.runAsGroup)) (and (.Values.agent.securityContext.runAsUser) (.Values.agent.securityContext.runAsGroup)) }}
{{- if or (and (.Values.fluentd.securityContext.runAsUser) (.Values.fluentd.securityContext.runAsGroup) (not .Values.isWindows) ) (and (.Values.agent.securityContext.runAsUser) (.Values.agent.securityContext.runAsGroup) (not .Values.isWindows) ) }}
apiVersion: v1
kind: Pod
metadata:
Expand Down

0 comments on commit 63d29a6

Please sign in to comment.