
feat(fix): add podconfig for k8up schedules to set runasuser for backup pods #389

Closed
wants to merge 2 commits into from


@shreddedbacon shreddedbacon commented Nov 11, 2024

Implements k8up PodConfig templates for backups to ensure that, when the volumes are mounted to the backup pod in an environment with rootless workloads enabled, they get the same runAsUser that the environment uses, so that the backup pod will be able to read the data in the volumes.

This has a requirement on k8up v2.10.0+ to support PodConfig on Schedules.

closes #361

@shreddedbacon shreddedbacon marked this pull request as ready for review November 11, 2024 23:44

@tobybellwood tobybellwood left a comment

Given the test case recreates the correct permissions in the backup-template, this is OK to go.

@shreddedbacon

This might be overkill. Re-reading the spec, it looks like we can just add podSecurityContext to the schedule like so and remove all the podconfig logic.

```yaml
spec:
  podSecurityContext:
    fsGroup: 10001
    fsGroupChangePolicy: OnRootMismatch
    runAsGroup: 0
    runAsUser: 10000
```

I'll run some tests

@shreddedbacon

closing for #403

Successfully merging this pull request may close these issues.

Backup pod RunAsUser with rootless workloads