Remove Security Context

This workaround is specific for Calatrava envs.

Remove Security Context
This workaround is specific for Calatrava envs.
c9f44231 · Aitor Alberto Perez Cedres · 934d6f7f · c9f44231 · c9f44231
Commit c9f44231 authored 4 years ago by Aitor Alberto Perez Cedres
Hide whitespace changes
Inline Side-by-side

Showing

with 3 additions and 30 deletions
+3 -30
--- a/internal/resource/statefulset.go
+++ b/internal/resource/statefulset.go
@@ -268,8 +268,6 @@ func (builder *StatefulSetBuilder) podTemplateSpec(previousPodAnnotations map[st
 	memoryRequest := k8sresource.MustParse(initContainerMemory)

 	automountServiceAccountToken := true
-	rabbitmqGID := int64(999)
-	rabbitmqUID := int64(999)

 	volumes := []corev1.Volume{
 		{
@@ -558,11 +556,6 @@ func (builder *StatefulSetBuilder) podTemplateSpec(previousPodAnnotations map[st
 					},
 				},
 			},
-			SecurityContext: &corev1.PodSecurityContext{
-				FSGroup:    &rabbitmqGID,
-				RunAsGroup: &rabbitmqGID,
-				RunAsUser:  &rabbitmqUID,
-			},
 			ImagePullSecrets:              builder.Instance.Spec.ImagePullSecrets,
 			TerminationGracePeriodSeconds: builder.Instance.Spec.TerminationGracePeriodSeconds,
 			ServiceAccountName:            builder.Instance.ChildResourceName(serviceAccountName),
@@ -573,13 +566,6 @@ func (builder *StatefulSetBuilder) podTemplateSpec(previousPodAnnotations map[st
 				{
 					Name:  "setup-container",
 					Image: builder.Instance.Spec.Image,
-					SecurityContext: &corev1.SecurityContext{
-						RunAsUser: pointer.Int64Ptr(0),
-						Capabilities: &corev1.Capabilities{
-							Drop: []corev1.Capability{"ALL"},
-							Add:  []corev1.Capability{"CHOWN", "FOWNER"},
-						},
-					},
 					Command: []string{
 						"sh", "-c", "cp /tmp/erlang-cookie-secret/.erlang.cookie /var/lib/rabbitmq/.erlang.cookie " +
 							"&& chown 999:999 /var/lib/rabbitmq/.erlang.cookie " +

--- a/internal/resource/statefulset_test.go
+++ b/internal/resource/statefulset_test.go
@@ -975,15 +975,7 @@ var _ = Describe("StatefulSet", func() {
 			stsBuilder := builder.StatefulSet()
 			Expect(stsBuilder.Update(statefulSet)).To(Succeed())

-			rmqGID, rmqUID := int64(999), int64(999)
-
-			expectedPodSecurityContext := &corev1.PodSecurityContext{
-				FSGroup:    &rmqGID,
-				RunAsGroup: &rmqGID,
-				RunAsUser:  &rmqUID,
-			}
-
-			Expect(statefulSet.Spec.Template.Spec.SecurityContext).To(Equal(expectedPodSecurityContext))
+			Expect(statefulSet.Spec.Template.Spec.SecurityContext).To(BeNil())
 		})

 		It("defines a Readiness Probe", func() {
@@ -1005,13 +997,8 @@ var _ = Describe("StatefulSet", func() {

 			initContainer := extractContainer(initContainers, "setup-container")
 			Expect(initContainer).To(MatchFields(IgnoreExtras, Fields{
-				"Image": Equal("rabbitmq-image-from-cr"),
-				"SecurityContext": PointTo(MatchFields(IgnoreExtras, Fields{
-					"Capabilities": PointTo(MatchAllFields(Fields{
-						"Drop": ConsistOf([]corev1.Capability{"ALL"}),
-						"Add":  ConsistOf([]corev1.Capability{"CHOWN", "FOWNER"}),
-					})),
-				})),
+				"Image":           Equal("rabbitmq-image-from-cr"),
+				"SecurityContext": BeNil(),
 				"Command": ConsistOf(
 					"sh", "-c", "cp /tmp/erlang-cookie-secret/.erlang.cookie /var/lib/rabbitmq/.erlang.cookie "+
 						"&& chown 999:999 /var/lib/rabbitmq/.erlang.cookie "+