Skip to content

Commit

Permalink
Merge pull request #1301 from splunk/CSPL_2532_fsGrChPo
Browse files Browse the repository at this point in the history 
CSPL_2532 - fsGroupChangePolicy change
  • Loading branch information
@akondur
akondur authored Mar 6, 2024
2 parents 2e623e6 + b86dfb0 commit 350229e
Show file tree
Hide file tree
Showing 12 changed files with 94 additions and 90 deletions.
1 change: 1 addition & 0 deletions config/manager/manager.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ spec:
runAsUser: 1001
fsGroup: 1001
runAsNonRoot: true
fsGroupChangePolicy: "OnRootMismatch"
hostNetwork: false
hostPID: false
hostIPC: false
Expand Down
1 change: 1 addition & 0 deletions helm-chart/splunk-operator/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,7 @@ splunkOperator:
runAsUser: 1001
fsGroup: 1001
runAsNonRoot: true
fsGroupChangePolicy: "OnRootMismatch"

# Set usage of host networking and namespace
# reference: https://kubernetes.io/docs/concepts/security/pod-security-policy/#host-namespaces
Expand Down
70 changes: 35 additions & 35 deletions pkg/splunk/common/urls_testingcode.go
View file

Large diffs are not rendered by default.

12 changes: 6 additions & 6 deletions pkg/splunk/enterprise/clustermanager_test.go
View file

Large diffs are not rendered by default.

12 changes: 6 additions & 6 deletions pkg/splunk/enterprise/clustermaster_test.go
View file

Large diffs are not rendered by default.

10 changes: 6 additions & 4 deletions pkg/splunk/enterprise/configuration.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ import (
"reflect"
"strconv"

"github.com/wk8/go-ordered-map/v2"
orderedmap "github.com/wk8/go-ordered-map/v2"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
k8serrors "k8s.io/apimachinery/pkg/api/errors"
Expand Down Expand Up @@ -833,10 +833,12 @@ func updateSplunkPodTemplateWithConfig(ctx context.Context, client splcommon.Con
runAsUser := int64(41812)
fsGroup := int64(41812)
runAsNonRoot := true
fsGroupChangePolicy := corev1.FSGroupChangeOnRootMismatch
podTemplateSpec.Spec.SecurityContext = &corev1.PodSecurityContext{
RunAsUser: &runAsUser,
FSGroup: &fsGroup,
RunAsNonRoot: &runAsNonRoot,
RunAsUser: &runAsUser,
FSGroup: &fsGroup,
RunAsNonRoot: &runAsNonRoot,
FSGroupChangePolicy: &fsGroupChangePolicy,
}

livenessProbe := getLivenessProbe(ctx, cr, instanceType, spec)
Expand Down
12 changes: 6 additions & 6 deletions pkg/splunk/enterprise/indexercluster_test.go
View file

Large diffs are not rendered by default.

10 changes: 5 additions & 5 deletions pkg/splunk/enterprise/licensemanager_test.go
View file

Large diffs are not rendered by default.

10 changes: 5 additions & 5 deletions pkg/splunk/enterprise/licensemaster_test.go
View file

Large diffs are not rendered by default.

12 changes: 6 additions & 6 deletions pkg/splunk/enterprise/monitoringconsole_test.go
View file

Large diffs are not rendered by default.

22 changes: 11 additions & 11 deletions pkg/splunk/enterprise/searchheadcluster_test.go
View file

Large diffs are not rendered by default.

12 changes: 6 additions & 6 deletions pkg/splunk/enterprise/standalone_test.go
View file

Large diffs are not rendered by default.

0 comments on commit 350229e

Please sign in to comment.