
feat: set default user and group #2002


Merged
merged 1 commit into from
Apr 10, 2025


csatib02
Member

@csatib02 csatib02 commented Apr 2, 2025

Fixes: #1987

@csatib02 csatib02 added the enhancement New feature or request label Apr 2, 2025
@csatib02 csatib02 requested review from pepov and Copilot April 2, 2025 08:58
@csatib02 csatib02 self-assigned this Apr 2, 2025
Contributor

@Copilot Copilot AI left a comment


Pull Request Overview

This PR sets default security context values for the Fluentd logging configuration, addressing issue #1987.

  • Set default user and group IDs by modifying SecurityContext and PodSecurityContext
  • Introduce non-root execution defaults with explicit RunAsUser, RunAsGroup, and FSGroup values

@csatib02 csatib02 force-pushed the fix/set-default-user branch from 968a913 to bca83b6 Compare April 3, 2025 07:29
@csatib02 csatib02 requested a review from OverOrion April 7, 2025 13:43
@pepov pepov added breaking-change and removed enhancement New feature or request labels Apr 10, 2025
@pepov
Member

pepov commented Apr 10, 2025

Relabeled it as a breaking change, so that users who somehow depended on the previous behaviour will take notice.

@pepov pepov merged commit b79ccf0 into master Apr 10, 2025
32 checks passed
@pepov pepov deleted the fix/set-default-user branch April 10, 2025 09:17
@sebastiangaiser
Contributor

@pepov @csatib02 I'm sorry for bothering you but we additionally configured podSecurityContext.seccompProfile.type=RuntimeDefault here. Is the config merged in case I configure some parts of it? 🤔

@csatib02
Member Author

@sebastiangaiser
I believe yes, since these are just the defaults. If user input was given for a defaulted value, it should be overwritten; if a value was not defaulted, then it should be added. Have you checked this?

@sebastiangaiser
Contributor

It gets overwritten (LO - 5.3.0):

  securityContext:
    fsGroup: 101
    seccompProfile:
      type: RuntimeDefault

@csatib02
Member Author

csatib02 commented Apr 29, 2025

Yeah, this check currently works only if the SecurityContext, or in your case the PodSecurityContext, is nil.
We can add some logic to merge this, but as for this PR it works as intended.

If you would like to add this feel free to open a ticket or PR. :) I would be happy to review!
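
Added example, not code from this PR or from the logging operator: a Go sketch contrasting the nil-only defaulting described in the thread with a per-field merge of the kind suggested as a follow-up. The struct types are local stand-ins for the Kubernetes ones, the default ID 1000 is a constructed value, and the names `DefaultIfNil`, `MergeDefaults`, `pick` and `id` are hypothetical.

```go
package main

import "fmt"

// Local stand-ins for the corev1.PodSecurityContext fields named in the thread.
type SeccompProfile struct{ Type string }
type PodSecurityContext struct {
	RunAsUser, RunAsGroup, FSGroup *int64
	SeccompProfile                 *SeccompProfile
}
func id(v int64) *int64 { return &v }
// Constructed default IDs; the operator's real values are not shown on this page.
func defaults() *PodSecurityContext {
	return &PodSecurityContext{RunAsUser: id(1000), RunAsGroup: id(1000), FSGroup: id(1000)}
}

// DefaultIfNil models the nil-only check: any user-supplied context wins whole.
func DefaultIfNil(user *PodSecurityContext) *PodSecurityContext {
	if user == nil {
		return defaults()
	}
	return user
}

// pick returns the user's value when set, otherwise the default.
func pick(user, def *int64) *int64 {
	if user != nil {
		return user
	}
	return def
}

// MergeDefaults fills each unset field individually and never mutates the input.
func MergeDefaults(user *PodSecurityContext) *PodSecurityContext {
	d := defaults()
	if user == nil {
		return d
	}
	d.RunAsUser = pick(user.RunAsUser, d.RunAsUser)
	d.RunAsGroup = pick(user.RunAsGroup, d.RunAsGroup)
	d.FSGroup = pick(user.FSGroup, d.FSGroup)
	d.SeccompProfile = user.SeccompProfile
	return d
}

func main() {
	// Constructed input loosely mirroring the config quoted in the thread.
	user := &PodSecurityContext{FSGroup: id(101), SeccompProfile: &SeccompProfile{Type: "RuntimeDefault"}}
	fmt.Println(DefaultIfNil(user).RunAsUser == nil, *MergeDefaults(user).RunAsUser)
}
```

With the nil-only check, a context that sets only `seccompProfile` leaves `runAsUser` unset, so the pod falls back to whatever user the image specifies; the per-field merge keeps the user's values and still applies the non-root IDs.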

Successfully merging this pull request may close these issues.

Run fluentd as user by default
3 participants