flink-on-k8s-operator

Container SecurityContext seems not available

Open timsn opened this issue 2 years ago • 6 comments

When looking through the FlinkCluster CRD I can see there are securityContext definitions for Jobmanager, Taskmanager and Job specs. All of these are of the type PodSecurityContext, which is fine. Besides that, it would be great to be able to set the corresponding Container SecurityContext as well. This would allow setting options like allowPrivilegeEscalation, readOnlyRootFilesystem, drop capabilities and others which are not available in the PodSecurityContext. This is important in some cluster environments like ours where we need to fulfill certain security policies.

timsn avatar Feb 03 '22 10:02 timsn
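To illustrate the gap the issue above describes, here is an added example (not part of the original issue or the operator's code): a small Python check that audits a pod spec for the container-level settings the issue names. The pod specs, container name and UID values are constructed sample data, and requiring all three settings is an assumed policy.

```python
# Added example. Fields defined only on the container-level SecurityContext,
# not on PodSecurityContext (Kubernetes core/v1).
CONTAINER_ONLY_FIELDS = {
    "allowPrivilegeEscalation", "capabilities", "privileged",
    "procMount", "readOnlyRootFilesystem",
}


def audit_pod_spec(pod_spec):
    """Return findings for a dict shaped like a core/v1 PodSpec."""
    findings = []
    pod_sc = pod_spec.get("securityContext") or {}
    # Container-only fields set at pod level are not part of PodSecurityContext.
    for field in sorted(CONTAINER_ONLY_FIELDS & pod_sc.keys()):
        findings.append(f"pod: {field} is not a PodSecurityContext field")
    containers = (pod_spec.get("initContainers") or []) + (pod_spec.get("containers") or [])
    for c in containers:
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        # Assumed policy: each container must set these explicitly.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{name}: allowPrivilegeEscalation is not false")
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append(f"{name}: readOnlyRootFilesystem is not true")
        drops = {str(d).upper() for d in (sc.get("capabilities") or {}).get("drop") or []}
        if "ALL" not in drops:
            findings.append(f"{name}: capabilities.drop does not include ALL")
    return findings


# Constructed sample data: pod-level settings only.
POD_LEVEL_ONLY = {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 9999, "fsGroup": 9999},
    "containers": [{"name": "jobmanager"}],
}

# Constructed sample data: same pod with a container-level securityContext.
HARDENED = {
    "securityContext": POD_LEVEL_ONLY["securityContext"],
    "containers": [{
        "name": "jobmanager",
        "securityContext": {
            "allowPrivilegeEscalation": False,
            "readOnlyRootFilesystem": True,
            "capabilities": {"drop": ["ALL"]},
        },
    }],
}

if __name__ == "__main__":
    for label, spec in (("pod-level only", POD_LEVEL_ONLY), ("hardened", HARDENED)):
        print(label, audit_pod_spec(spec))
```

The pod-level-only spec fails all three checks even though it sets runAsNonRoot, because none of the audited options can be expressed in a PodSecurityContext.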

Hey @timsn! Adding that makes total sense! Let me know if you want to take a stab at it.

regadas avatar Feb 04 '22 09:02 regadas

Hi @regadas, I cloned the latest but still do not see the property "readOnlyRootFilesystem". I'm a newbie, so could you please confirm if it is already complete or work needs to be done? If work needs to be done, I can take a stab at it. Please let me know.

anythingbyme avatar Dec 07 '22 02:12 anythingbyme

Hi @anythingbyme, yup this work is still pending.

regadas avatar Dec 12 '22 11:12 regadas

> Hi @anythingbyme, yup this work is still pending.

Need any assistance on implementing this change? Our teams are also looking for something similar, so I implemented the change in our local build of the operator.

acherla avatar Jan 16 '23 18:01 acherla

Hi @acherla would you mind making a PR for this?

regadas avatar Mar 14 '23 07:03 regadas

Is the issue resolved? Can I work on this?

g4ze avatar Jul 03 '23 19:07 g4ze