Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: improve rootless migration logic #3051

Merged
merged 1 commit into from
Mar 1, 2022
Merged

fix: improve rootless migration logic #3051

merged 1 commit into from
Mar 1, 2022

Conversation

smlx
Copy link
Member

@smlx smlx commented Mar 1, 2022

Checklist

  • Affected Issues have been mentioned in the Closing issues section
  • Documentation has been written/updated
  • PR title is ready for changelog and subsystem label(s) applied

This PR improves handling of the case where a Lagoon environment running
as root has changed the ownership and permissions of files in their
shared storage volume by rsyncing from another location, and then
switched to rootless.

It should now be the case that no matter how the ownership/permissions
have been changed, enabling rootless for the environment will normalise
the filesystem correctly for the rootless workload to have full access.

This change has been tested across three managed Kubernetes vendors
(EKS, GKE, AKS).

See: https://github.com/amazeeio/rootless-migration-tests

Closing issues

Closes: #3044

@smlx
fix: improve rootless migration logic
21f7936 
This PR improves handling of the case where a Lagoon environment running
as root has changed the ownership and permissions of files in their
shared storage volume by rsyncing from another location, and then
switched to rootless.

It should now be the case that no matter how the ownership/permissions
have been changed, enabling rootless for the environment will normalise
the filesystem correctly for the rootless workload to have full access.

This change has been tested across three managed Kubernetes vendors
(EKS, GKE, AKS).

See: https://github.com/amazeeio/rootless-migration-tests
@smlx smlx added the 0-kubernetes Vanilla kubernetes support label Mar 1, 2022
@smlx smlx requested a review from Schnitzel March 1, 2022 06:25
@tobybellwood tobybellwood merged commit 2be894d into main Mar 1, 2022
@tobybellwood tobybellwood deleted the rootless-init-fix branch March 1, 2022 23:29
@tobybellwood tobybellwood mentioned this pull request Mar 29, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Schnitzel Schnitzel Awaiting requested review from Schnitzel

Assignees
No one assigned
Labels
0-kubernetes Vanilla kubernetes support
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

rootless initscript changes file permission of persistent storage sometimes to wrong users
2 participants
@smlx @tobybellwood