Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Changed prepare-log-file to take args for setting uid/gid for log files. #70094

Merged
merged 1 commit into from
Oct 24, 2018
Merged

Changed prepare-log-file to take args for setting uid/gid for log files. #70094

merged 1 commit into from
Oct 24, 2018

Conversation

mwwolters
Copy link
Contributor

@mwwolters mwwolters commented Oct 22, 2018
edited by mikedanese

This adds the option to pass log owner user + group which means other functions in configure-helper.sh can be modified to specify those and components can eventually be spun up as non-root users with permission to write to /var/log.

Part of #70093

/kind cleanup
/sig gcp

NONE

@mwwolters
Copy link
Contributor Author

mwwolters commented Oct 22, 2018
edited

/assign @mikedanese
/sig gcp

@mwwolters
Copy link
Contributor Author

I signed it

@k8s-ci-robot k8s-ci-robot added kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Oct 22, 2018
@k8s-ci-robot k8s-ci-robot added the sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. label Oct 22, 2018
@k8s-ci-robot k8s-ci-robot added sig/gcp cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Oct 22, 2018
mikedanese
mikedanese reviewed Oct 22, 2018
View reviewed changes
cluster/gce/gci/configure-helper.sh
function prepare-log-file {
touch $1
chmod 644 $1
chown "${LOG_OWNER_USER:-root}":"${LOG_OWNER_GROUP:-root}" $1
chown "${2:-${LOG_OWNER_USER:-root}}":"${3:-${LOG_OWNER_GROUP:-root}}" $1
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we intend to assign owners by name or integer id? If name, how are we going to synchronize /etc/passwd between the host and container fs?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By integer id. When we set the user to run as in the security context for the container manifest, it needs to be an integer. I think it would be a bit more maintainable with what we currently have to use the UID in both the security context and configure-helper, because otherwise we're going to have to modify the container image every time to change the user.

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Oct 24, 2018
@mikedanese
Copy link
Member

/ok-to-test
/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added lgtm "Looks good to me", indicates that a PR is ready to be merged. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Oct 24, 2018
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mikedanese, mwwolters

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 24, 2018
@k8s-ci-robot k8s-ci-robot merged commit 4cbeddd into kubernetes:master Oct 24, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mikedanese mikedanese mikedanese left review comments

@jingax10 jingax10 Awaiting requested review from jingax10

@vishh vishh Awaiting requested review from vishh

Assignees

@mikedanese mikedanese

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@mwwolters @mikedanese @k8s-ci-robot