-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add full support for setting securityContext for restic restore #4084
Conversation
…iner Signed-off-by: MatthieuFin <matthieu2717@gmail.com>
…ion. Signed-off-by: MatthieuFin <matthieu2717@gmail.com>
Signed-off-by: MatthieuFin <matthieu2717@gmail.com>
Signed-off-by: MatthieuFin <matthieu2717@gmail.com>
Signed-off-by: MatthieuFin <matthieu2717@gmail.com>
@MatthieuFin Thanks for this PR and it looks good to me, could you rebase your PR and we can try to get this reviewed and merged before v1.8 release. |
moving this out of v1.8 milestone as we are very close to the FC. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
@MatthieuFin Do you still want to get this merged? If you could do what @reasonerjt suggested we can get it into 1.9. THanks! |
Oh yes, sorry i had broke my notifications settings, il will rebase it asap. |
Signed-off-by: MatthieuFin <matthieu2717@gmail.com>
Thanks! I just mentioned it in the slack channel so hopefully we'll get a maintainers's eyes on it soon. https://kubernetes.slack.com/archives/C021GPR1L3S/p1645634071501639 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, just a question.
…rors wanted on equals Signed-off-by: MatthieuFin <matthieu2717@gmail.com>
Reference #2437 here. |
Summary of changes
Add a key
secCtx
in configuration configMap "velero.io/restic: RestoreItemAction" to be able to fully customize securityContext set on restic-wait init container set on restore job.This key is an extension of existing keys
secCtxRunAsUser
,secCtxRunAsGroup
,secCtxAllowPrivilegeEscalation
. I keep these old keys support to assure a backward compatibility. But usage of the keysecCtx
could override old keys (unit tests should be clear).Issue
Complete implementation for half implemented issue #2290
Please indicate you've done the following:
/kind changelog-not-required
.site/content/docs/main
.