BUGFIX: Revert openshift-specific settings and assign service account to history pods. (#207)

adwk67 · razvan · adwk67 · commit 266ac356d541 · 2023-02-14T12:55:19.000Z
# Description

Openshift-specific settings are no longer needed as operators will be packaged with olm for OS clusters.



Co-authored-by: Razvan-Daniel Mihai &lt;84674+razvan@users.noreply.github.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,15 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 
+### Changed
+
+- Revert openshift settings ([#207])
+- BUGFIX: assign service account to history pods ([#207])
+
+[#207]: https://github.com/stackabletech/spark-k8s-operator/pull/207
+
+## [23.1.0] - 2023-01-23
+
 ### Added
 
 - Create and manage history servers ([#187])
diff --git a/deploy/helm/spark-k8s-operator/values.yaml b/deploy/helm/spark-k8s-operator/values.yaml
@@ -21,22 +21,8 @@ podAnnotations: {}
 
 podSecurityContext: {}
   # fsGroup: 2000
-#
-# OpenShift 4.11 replaces the PodSecurityPolicy with a new pod security
-# admission mechanism as described in this blog post [1].
-# This requires Pods to explicitely specify the securityContext.
-#
-# [1]: https://cloud.redhat.com/blog/pod-security-admission-in-openshift-4.11
-securityContext:
-  capabilities:
-    drop:
-      - ALL
-  readOnlyRootFilesystem: false
-  allowPrivilegeEscalation: false
-  seccompProfile:
-    type: RuntimeDefault
-  runAsNonRoot: true
-  runAsUser: 1000
+
+securityContext: {}
 
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
diff --git a/rust/operator-binary/src/history_controller.rs b/rust/operator-binary/src/history_controller.rs
@@ -202,6 +202,7 @@ pub async fn reconcile(shs: Arc<SparkHistoryServer>, ctx: Arc<Ctx>) -> Result<Ac
                 &rgr,
                 s3_log_dir.as_ref().unwrap(),
                 &config.resources,
+                &serviceaccount,
             )?;
             cluster_resources
                 .add(client, &sts)
@@ -255,6 +256,7 @@ fn build_stateful_set(
     rolegroupref: &RoleGroupRef<SparkHistoryServer>,
     s3_log_dir: &S3LogDir,
     resources: &Resources<HistoryStorageConfig, NoRuntimeLimits>,
+    serviceaccount: &ServiceAccount,
 ) -> Result<StatefulSet, Error> {
     let container_name = "spark-history";
     let container = ContainerBuilder::new(container_name)
@@ -274,6 +276,7 @@ fn build_stateful_set(
         .build();
 
     let template = PodBuilder::new()
+        .service_account_name(serviceaccount.name_unchecked())
         .add_container(container)
         .image_pull_secrets_from_product_image(resolved_product_image)
         .add_volume(
