From b11bbe5f49ee7e0eabd82e9aab88cf66fb326978 Mon Sep 17 00:00:00 2001 From: Andrew Kenworthy Date: Tue, 14 Feb 2023 11:43:55 +0100 Subject: [PATCH 1/4] remove openshift-specific settings --- deploy/helm/spark-k8s-operator/values.yaml | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/deploy/helm/spark-k8s-operator/values.yaml b/deploy/helm/spark-k8s-operator/values.yaml index 0812b6b8..324fe579 100644 --- a/deploy/helm/spark-k8s-operator/values.yaml +++ b/deploy/helm/spark-k8s-operator/values.yaml @@ -21,22 +21,8 @@ podAnnotations: {} podSecurityContext: {} # fsGroup: 2000 -# -# OpenShift 4.11 replaces the PodSecurityPolicy with a new pod security -# admission mechanism as described in this blog post [1]. -# This requires Pods to explicitely specify the securityContext. -# -# [1]: https://cloud.redhat.com/blog/pod-security-admission-in-openshift-4.11 -securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - seccompProfile: - type: RuntimeDefault - runAsNonRoot: true - runAsUser: 1000 + +securityContext: {} resources: {} # We usually recommend not to specify default resources and to leave this as a conscious From f27eb41f4c9098fd6c969456a1978053ef00041b Mon Sep 17 00:00:00 2001 From: Andrew Kenworthy Date: Tue, 14 Feb 2023 12:16:33 +0100 Subject: [PATCH 2/4] updated changelog --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9a0c5aa4..1eb97f6a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file. ## [Unreleased] +### Changed + +- Revert openshift settings ([#207]) + +[#207]: https://github.com/stackabletech/spark-k8s-operator/pull/207 + +## [23.1.0] - 2023-01-23 + ### Added - Create and manage history servers ([#187]) From ecafcfd4c0d7f7d85f3ace79e57680a940825d0a Mon Sep 17 00:00:00 2001 From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com> Date: Tue, 14 Feb 2023 12:43:13 +0100 Subject: [PATCH 3/4] Attach service account to history pods. --- rust/operator-binary/src/history_controller.rs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/rust/operator-binary/src/history_controller.rs b/rust/operator-binary/src/history_controller.rs index 2a0e343c..6bd6c9f2 100644 --- a/rust/operator-binary/src/history_controller.rs +++ b/rust/operator-binary/src/history_controller.rs @@ -202,6 +202,7 @@ pub async fn reconcile(shs: Arc, ctx: Arc) -> Result, s3_log_dir: &S3LogDir, resources: &Resources, + serviceaccount: &ServiceAccount, ) -> Result { let container_name = "spark-history"; let container = ContainerBuilder::new(container_name) @@ -274,6 +276,7 @@ fn build_stateful_set( .build(); let template = PodBuilder::new() + .service_account_name(serviceaccount.name_unchecked()) .add_container(container) .image_pull_secrets_from_product_image(resolved_product_image) .add_volume( From 20820f0ff5d6b5f7e34db7a70faad91ae2379870 Mon Sep 17 00:00:00 2001 From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com> Date: Tue, 14 Feb 2023 13:50:38 +0100 Subject: [PATCH 4/4] Update changelog. --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1eb97f6a..7786da13 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ All notable changes to this project will be documented in this file. ### Changed - Revert openshift settings ([#207]) +- BUGFIX: assign service account to history pods ([#207]) [#207]: https://github.com/stackabletech/spark-k8s-operator/pull/207