opentelemetry-operator

chore: document minimal security context settings

Open jawnsy opened this issue 3 years ago • 13 comments

Add documentation that describes how to use opentelemetry-operator in restrictive clusters, such as enabling runAsRoot, dropping capabilities, and configuring seccomp confinement.

Closes: #1264

jawnsy Nov 24 '22 19:11

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: jawnsy / name: Jonathan Yu (a39a5e02ff750237c54d58a255f0528b11a2915b)

Ah, apologies, I need to clear up the CLA issue before I can proceed

jawnsy Jan 31 '23 23:01

Sorry for the long delay, and thanks for your patience. I've rebased and addressed comments (removed the reference to the API file), and this pull request is now ready for another review.

jawnsy May 27 '23 18:05

Any update on this?

R011y Aug 24 '23 12:08

@pavolloffay @frzifus Hey, I've rebased and this should be ready for review when you have a moment!

jawnsy Aug 24 '23 23:08

Awesome thanks @jawnsy

frzifus Aug 25 '23 17:08

Thanks guys. Greatly appreciated.

R011y Aug 25 '23 18:08

@jawnsy Still need one more for this to get merged <3

R011y Aug 28 '23 13:08

> Still need one more for this to get merged <3

@R011y Sorry, can you please clarify -- what are the next steps here? Do I need to make more changes, or are we waiting for another review?

jawnsy Aug 28 '23 18:08

> > Still need one more for this to get merged <3
>
> @R011y Sorry, can you please clarify -- what are the next steps here? Do I need to make more changes, or are we waiting for another review?

Just needs another review. No changes requested.

R011y Aug 28 '23 18:08

Just for awareness in case others come across this issue: Otel operator CAN be run with restrictive security context without issue. It functions correctly with both allowPrivilegeEscalation: false and readOnlyRootFilesystem: true. The documentation update in this PR will just cement the existing ability to run Otel operator with restrictive security context. That said, it's always best to test thoroughly in your environment as there may be conditions or variability that present issues not identified here.

R011y Aug 29 '23 13:08
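
One way to test a manifest for the settings named in this thread, as an added example that is not part of the PR or the operator's code: it audits a pod spec for `allowPrivilegeEscalation`, `readOnlyRootFilesystem`, dropped capabilities and seccomp confinement, including the pod-level fallback for `seccompProfile`. The sample spec, container names and images are constructed placeholders; the field names are the standard Kubernetes `securityContext` fields.

```python
import json

# Constructed sample: a trimmed pod template. Container names and images are
# placeholders (assumptions), not taken from the operator's own manifests.
SAMPLE_POD_SPEC = json.loads("""
{
  "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
  "containers": [
    {"name": "manager", "image": "example.invalid/operator:placeholder",
     "securityContext": {
       "allowPrivilegeEscalation": false,
       "readOnlyRootFilesystem": true,
       "capabilities": {"drop": ["ALL"]}}},
    {"name": "sidecar", "image": "example.invalid/sidecar:placeholder",
     "securityContext": {"allowPrivilegeEscalation": false}}
  ]
}
""")


def audit_pod_spec(pod_spec):
    """Return {container_name: [findings]} for containers missing a setting."""
    pod_sc = pod_spec.get("securityContext") or {}
    containers = (pod_spec.get("containers") or []) + (pod_spec.get("initContainers") or [])
    findings = {}
    for c in containers:
        sc = c.get("securityContext") or {}
        problems = []
        # Container-only fields: Kubernetes has no pod-level fallback for these.
        if sc.get("allowPrivilegeEscalation") is not False:
            problems.append("allowPrivilegeEscalation is not false")
        if sc.get("readOnlyRootFilesystem") is not True:
            problems.append("readOnlyRootFilesystem is not true")
        drops = [d.upper() for d in ((sc.get("capabilities") or {}).get("drop") or [])]
        if "ALL" not in drops:
            problems.append("capabilities.drop does not include ALL")
        # seccompProfile may be set on the pod; a container value overrides it.
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
            problems.append("seccompProfile is unset or Unconfined")
        if problems:
            findings[c["name"]] = problems
    return findings


if __name__ == "__main__":
    for name, problems in audit_pod_spec(SAMPLE_POD_SPEC).items():
        for p in problems:
            print(f"{name}: {p}")
```

To audit a live workload, feed it the `spec.template.spec` object from `kubectl get deployment <name> -o json`.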

Add me as a reviewer if you want @jawnsy, if that's possible.

R011y Aug 29 '23 14:08

@R011y mind reviewing this so I can merge this finally?

jaronoff97 Nov 28 '23 22:11

Closing as inactive. Please comment if you would like to reopen this pull request.

atoulme Mar 12 '25 20:03

It's unfortunate that this was closed, it seemed ready to merge and only needed reviews?

I'm happy to rebase this if you'll consider reviewing and merging

jawnsy Mar 22 '25 02:03