zookeeper-operator

Allow k8s administrators to override ZNode path

Open nightkr opened this issue 2 years ago • 7 comments

This is currently not allowed because it would let users escalate "Is allowed to create sandboxed ZNodes" to "Is allowed to take ownership of any named ZNode".

However, this is preventing users from restoring failed clusters from backups, since there is no way to influence the UID generation at all. One possible compromise would be to introduce a new field ZookeeperZnode.status.znodePath, which defaults to /{uid}. This would let administrators status-patch the object to override the path, while regular users are typically prohibited (by K8s) from editing the status subresource.

nightkr avatar May 11 '23 09:05 nightkr
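
The proposal above only holds if regular users have no write access to the status subresource. The following audit of RBAC rules for that access is an added example, not code from this issue or from the operator project. It assumes the API group `zookeeper.stackable.tech` and the resource plural `zookeeperznodes`, and the sample roles are constructed.

```python
# Added example: find RBAC roles that can write the ZookeeperZnode status subresource.
# Assumed names: API group "zookeeper.stackable.tech", resource plural "zookeeperznodes".
GROUP = "zookeeper.stackable.tech"
RESOURCE = "zookeeperznodes"
SUBRESOURCE = "status"
WRITE_VERBS = {"patch", "update"}


def rule_allows_status_write(rule):
    """Return the write verbs one RBAC PolicyRule grants on zookeeperznodes/status."""
    groups = rule.get("apiGroups", [])
    if "*" not in groups and GROUP not in groups:
        return set()
    # Kubernetes matches "*", the exact "resource/subresource", or "*/subresource".
    # A bare "zookeeperznodes" entry does NOT cover the status subresource.
    wanted = {"*", f"{RESOURCE}/{SUBRESOURCE}", f"*/{SUBRESOURCE}"}
    if not wanted.intersection(rule.get("resources", [])):
        return set()
    verbs = set(rule.get("verbs", []))
    return set(WRITE_VERBS) if "*" in verbs else verbs & WRITE_VERBS


def audit(roles):
    """Map role name -> sorted write verbs on the status subresource (roles with any)."""
    findings = {}
    for role in roles:
        granted = set()
        for rule in role.get("rules", []):
            # resourceNames is ignored on purpose: a name-scoped grant is still flagged.
            granted |= rule_allows_status_write(rule)
        if granted:
            findings[role["metadata"]["name"]] = sorted(granted)
    return findings


# Constructed sample roles (not taken from any real cluster).
SAMPLE_ROLES = [
    {"metadata": {"name": "znode-user"},
     "rules": [{"apiGroups": [GROUP], "resources": [RESOURCE],
                "verbs": ["get", "list", "create", "patch", "delete"]}]},
    {"metadata": {"name": "znode-admin"},
     "rules": [{"apiGroups": [GROUP], "resources": [f"{RESOURCE}/{SUBRESOURCE}"],
                "verbs": ["get", "patch"]}]},
    {"metadata": {"name": "tenant-wildcard"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"metadata": {"name": "status-reader"},
     "rules": [{"apiGroups": [GROUP], "resources": ["*/status"], "verbs": ["get"]}]},
]

if __name__ == "__main__":
    for name, verbs in audit(SAMPLE_ROLES).items():
        print(f"{name}: can {', '.join(verbs)} {RESOURCE}/{SUBRESOURCE}")
```

Any role reported besides the intended administrator role, such as the wildcard role in the sample, means its holders could override the ZNode path.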

LGTM

sbernauer avatar Apr 05 '24 13:04 sbernauer

Moving this into the voting phase.

nightkr avatar Apr 10 '24 11:04 nightkr

No dissent, considering this accepted.

nightkr avatar Apr 17 '24 08:04 nightkr

Is this anything we documented?

lfrancke avatar May 06 '24 12:05 lfrancke

Is this already implemented? https://github.com/stackabletech/zookeeper-operator/pull/799 looks like the implementation and is not merged yet.

sbernauer avatar May 06 '24 13:05 sbernauer

I don't know. I found this in the Done column.

lfrancke avatar May 06 '24 13:05 lfrancke

Not sure how this got moved to done, #799 has indeed not been reviewed yet.

> Is this anything we documented?

It's documented in the PR, but since that still hasn't been merged...

nightkr avatar May 16 '24 08:05 nightkr

As this has been merged now, can you please include a link to the generated docs?

lfrancke avatar Jun 26 '24 10:06 lfrancke

@lfrancke https://docs.stackable.tech/home/nightly/zookeeper/usage_guide/isolating_clients_with_znodes#_restoring_from_backups

nightkr avatar Jun 27 '24 09:06 nightkr