Describe the feature you'd like to have.
It should be possible to run the restic mover both with its current elevated permissions as well as with normal user permissions.
What is the value to the end user? (why is it a priority?)
Running as a normal user is sufficient for typical replication scenarios, and it improves the security of the cluster by not running Pods w/ elevated permissions in the user's Namespace.
How will we know we have a good solution? (acceptance criteria)
Additional context
Special attention to the restic cache volume may be necessary. In the case of OpenShift, the PVC will be automatically made accessible to the mover pod, but in vanilla kube, explicit setting of fsGroup or supplementalGroups may be necessary.
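As an added illustration of the fsGroup / supplementalGroups point above (not part of the issue and not VolSync's generated mover spec), a generic Kubernetes Pod that runs restic as a non-root user and still gets a writable cache PVC could look like this. The Pod name, namespace, image, PVC names and numeric IDs are placeholders.

```yaml
# Added example: generic Kubernetes manifest, not the project's own mover Pod.
# Names, image, claim names and numeric IDs are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: restic-mover-example          # hypothetical
  namespace: app-namespace            # hypothetical
spec:
  restartPolicy: Never
  securityContext:
    runAsNonRoot: true                # kubelet refuses to start a container as UID 0
    runAsUser: 1000                   # constructed UID
    runAsGroup: 1000                  # constructed GID
    # fsGroup applies to every volume in the Pod that supports ownership
    # management (the data PVC as well as the cache PVC): the kubelet sets
    # group ownership to this GID and makes the volume group-writable.
    fsGroup: 1000
    fsGroupChangePolicy: OnRootMismatch   # skip the recursive chown if the volume root already matches
    # For volumes whose ownership cannot be changed (for example a shared
    # export already owned by another GID), add that GID to the process instead:
    # supplementalGroups: [2000]
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: restic
      image: registry.example.com/restic-mover:placeholder
      env:
        - name: RESTIC_CACHE_DIR      # restic's cache directory, pointed at the cache PVC
          value: /cache
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
      volumeMounts:
        - name: data
          mountPath: /data
        - name: cache
          mountPath: /cache
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: app-data           # hypothetical
    - name: cache
      persistentVolumeClaim:
        claimName: restic-cache       # hypothetical
```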