Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reaper needs a static image filesystem to enable readOnlyRootFilesystem #1329

Closed
1 of 2 tasks
adejanovski opened this issue May 24, 2024 · 0 comments · Fixed by #1330
Closed
1 of 2 tasks

Reaper needs a static image filesystem to enable readOnlyRootFilesystem #1329

adejanovski opened this issue May 24, 2024 · 0 comments · Fixed by #1330
Assignees
@adejanovski
Labels
done Issues in the state 'done'

Comments

@adejanovski
Copy link
Contributor

adejanovski commented May 24, 2024
edited
Loading

When adding the following security context settings to Reaper, it fails to start complaining about access rights to /etc/cassandra-reaper:

          securityContext:
            capabilities:
              drop:
                - ALL
            runAsUser: 999
            runAsGroup: 999
            runAsNonRoot: true
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false

We need to be able to run the Reaper pods with read only root FS.

Definition of Done
Preview Give feedback
  1. Issues running the container with a read only root FS thelastpickle/cassandra-reaper#1506
    done
@adejanovski adejanovski self-assigned this May 24, 2024
@adejanovski adejanovski moved this to In Progress in K8ssandra May 24, 2024
@adejanovski adejanovski added the in-progress Issues in the state 'in-progress' label May 24, 2024
@adejanovski adejanovski changed the title Reaper won't run a non root Reaper needs a static image filesystem to enable readOnlyRootFilesystem May 24, 2024
@adejanovski adejanovski mentioned this issue May 24, 2024
Merged
5 tasks
@github-project-automation github-project-automation bot moved this from In Progress to Done in K8ssandra May 24, 2024
@adejanovski adejanovski added done Issues in the state 'done' and removed in-progress Issues in the state 'in-progress' labels May 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@adejanovski adejanovski

Labels
done Issues in the state 'done'
Projects
No open projects
K8ssandra
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Upgrade reaper ro rootfs k8ssandra/k8ssandra-operator
1 participant
@adejanovski