Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Volumes and mount path config #68

Closed
wants to merge 3 commits into from
Closed

Volumes and mount path config #68

wants to merge 3 commits into from

Conversation

jeffbanks
Copy link
Contributor

Volume config and mount path config to support permissions restrictions for /etc/reaper, which will contain the cassandra-reaper.yml and shiro.ini files.

Part of the overall Reaper security context configurations as identified in:

@jeffbanks jeffbanks requested a review from jsanda August 26, 2021 20:52
@jeffbanks jeffbanks self-assigned this Aug 26, 2021
@jeffbanks
Copy link
Contributor Author

@jsanda a new addition here to apply the mount paths at the reaper non-init container. I had originally scoped it to the init-container.

jsanda
jsanda requested changes Aug 31, 2021
View reviewed changes
api/v1alpha1/reaper_types.go Outdated Show resolved Hide resolved
@sync-by-unito sync-by-unito bot mentioned this pull request Sep 13, 2021
Closed
jsanda
jsanda reviewed Sep 21, 2021
View reviewed changes
Copy link
Contributor

@jsanda jsanda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need an updated Reaper image with which to test? Or does Reaper already write its configs into /etc/reaper? I cannot remember.

@jeffbanks
Copy link
Contributor Author

jeffbanks commented Sep 23, 2021
edited
Loading

Do we need an updated Reaper image with which to test? Or does Reaper already write its configs into /etc/reaper? I cannot remember.

@jsanda It was adjusted from its original target folder of /etc to the newly setup /etc/reaper. I should have referenced the PR that aligns with this particular change to make that more clear.

@adejanovski tested the Reaper image changes for us (thanks Alex!) and it seems to not be causing any issues. That PR is just awaiting a recent rebase to be squashed to reaper master.

You can reference that PR for Reaper here.

@jeffbanks jeffbanks mentioned this pull request Sep 23, 2021
Merged
jsanda
jsanda requested changes Oct 4, 2021
View reviewed changes
pkg/reconcile/reconcilers_test.go Outdated Show resolved Hide resolved
@jeffbanks jeffbanks requested a review from jsanda October 4, 2021 18:37
jsanda
jsanda requested changes Oct 4, 2021
View reviewed changes
pkg/reconcile/reconcilers.go Show resolved Hide resolved
@jeffbanks jeffbanks force-pushed the jeffb/etc-mount-paths branch 2 times, most recently from a6a0806 to ef11fcd Compare October 15, 2021 20:52
@jeffbanks
* Adding security context for k8ssandra (k8ssandra#60)
26f65d3 
* cve 2021-25737 (k8ssandra#75)
* Updated replace directives
* Vols and mount paths exposed
* Vol mounts for non-init container
* Vols and volMounts removed from CRD
* Init container mount paths
* New init container for config mgmt
* CRD update for config init
* Correction on test image
@jeffbanks jeffbanks marked this pull request as draft October 20, 2021 23:51
@jeffbanks jeffbanks marked this pull request as ready for review October 27, 2021 16:44
@jeffbanks
Copy link
Contributor Author

@jsanda @adejanovski I suspect the e2e failure is based on the need for the update reaper image as part of reaper-PR#1133.

@jeffbanks jeffbanks mentioned this pull request Oct 28, 2021
Closed
jsanda
jsanda reviewed Oct 29, 2021
View reviewed changes
Copy link
Contributor

@jsanda jsanda left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I built the Reaper and reaper-operator image from your respective branches and loaded them into my kind cluster. I tested with a k8ssandra install. The Reaper pod fails with an error.

Disregard the above. I didn't have your latest change. Rebuilding and retesting...

@jsanda
Copy link
Contributor

jsanda commented Oct 29, 2021

@jeffbanks the reaper-schema-init container is failing for me with com.datastax.driver.core.exceptions.AuthenticationException: Authentication error on host test-dc1-service/10.244.6.24:9042: Host test-dc1-service/10.244.6.24:9042 requires authentication, but no authenticator found in Cluster configuration.

@jeffbanks jeffbanks requested a review from jsanda October 29, 2021 20:00
@jeffbanks
Config init test fix
734b5f2 
Init container reordering and mount path def
Fixes missing env vars for init container
Remove authvars from config-init
@sonarcloud
Copy link

sonarcloud bot commented Oct 29, 2021

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 4 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@jeffbanks jeffbanks requested a review from jsanda October 29, 2021 20:41
jsanda
jsanda reviewed Oct 29, 2021
View reviewed changes
Copy link
Contributor

@jsanda jsanda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look good. I'll retest.

@jsanda
Copy link
Contributor

jsanda commented Oct 30, 2021

@jeffbanks I tested again. Everything looks good to go. We need to wait to merge until your Reaper PR (thelastpickle/cassandra-reaper#1133) is merged.

@jeffbanks
Copy link
Contributor Author

@adejanovski @jsanda This merge is pending the approval of [cassandra-reaper](Reaper PR (thelastpickle/cassandra-reaper#1133) PR.

@jeffbanks jeffbanks requested a review from jsanda November 2, 2021 16:33
@jeffbanks
Copy link
Contributor Author

Closing this PR as effort here has been replaced with this newer PR #84.

Changes as a result of reverting path back to /etc/cassandra-reaper as described in cassandra-reaper PR#1139

@jeffbanks jeffbanks closed this Nov 9, 2021
@jeffbanks jeffbanks deleted the jeffb/etc-mount-paths branch November 9, 2021 23:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adejanovski adejanovski Awaiting requested review from adejanovski

@emerkle826 emerkle826 Awaiting requested review from emerkle826

@jsanda jsanda Awaiting requested review from jsanda

Assignees

@jeffbanks jeffbanks

Labels
complexity: low security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@jeffbanks @jsanda @emerkle826