Yamamoto, Hirotaka
Yamamoto, Hirotaka
Alternatively, it might be better to add `securityContext.fsGroup` automatically. Since the GID 10,000 is a kind of internal value. Doing so would also reduce the troubles of moco users.
@masa213f Not exactly. `fsGroup` is a Pod-level security policy, so we don't need to add them to each container.
Also, I'd like to include `fsGroupChangePolicy: "OnRootMismatch"` as it is available on all supported k8s versions.
@masa213f Cc: @d-kuro > Should I set the fsGroup (and fsGroupChangePolicy) to the mysql pod too? We should.
@jpeach We develop a sidecar controller to create Certificate along with HTTPProxy. If interested, see https://github.com/cybozu-go/contour-plus
@jpeach contour-plus depends on Contour, external-dns, and cert-manager. Since all of these projects are moving fast and changing CRD schema, I'd suggest having contour-plus as a separate project. Adding links...
@uqix Thanks for the info. @masa213f @d-kuro I think this feature is worth doing.
@masa213f @d-kuro looks like k8s 1.26 will support completion for kubectl plugins. https://qiita.com/superbrothers/items/65a16f5139b52e1b9d56
I believe `coild` on the assigned node will eventually collect unused AddressBlocks. https://github.com/cybozu-go/coil/blob/main/docs/design.md#addressblock > At startup, coild also checks each AddressBlock for the Node, and if no Pod is using...
If that is so serious, I'd like to suggest calling the GC logic periodically, not only at the process startup.