Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use who am i and other improvements #98

Merged
merged 12 commits into from
Feb 3, 2025
Merged

Use who am i and other improvements #98

merged 12 commits into from
Feb 3, 2025

Conversation

venkatsc
Copy link
Collaborator

@venkatsc venkatsc commented Feb 3, 2025
edited
Loading

  • Use whoAmI api to dertermine user from the authentication context
  • Improve shared volume feature (still only Quobyte SUPER_USER can delete shared volume PVs)
  • Mount /etc/passwd and /etc/group into Quobyte CSI driver pods. Also, add the same to Quobyte client deployment example definition.

venkatsc added 12 commits January 31, 2025 10:16
@venkatsc
Update test cluster to k8s v1.32.0
fb02d6c
@venkatsc
Update Quobyte go api to v1.4.0
7e14e4a
@venkatsc
Improve shared volume access permissions
79b5f69 
Shared volume(s) is/are supposed to be accessed by all the pods
for creation and deletion of pvc inside it. Therefore, should
have open access (1777), and each pvc is created with (1700).
These default permissions ensure access to shared volume and
limited access to PVC inside it.

These shared volume permissions only apply, if user does not
create shared volume by themselves (and do not change permissions
via client). For, PVC that is created inside shared volume, the default
permissions can be overridden by storage class "accessMode:".
However, it is advised to set sticky bit and user:group (1xx0) permissions
only and leave out others permissions (set to 0).
@venkatsc
Resolve user/group from API
3c7cbd7 
..get user/group from the current user using Quobyte API
@venkatsc
Add shared volume user/group to node image
9208774
@venkatsc
Mount host users and groups into container
70b9b1d
@venkatsc
Mount host user/groups into client
0f9ec18
@venkatsc
Add sticky bit clarification
a5cc583
@venkatsc
update local test config
74801f5
@venkatsc
Update shared volume example
1788cc6
@venkatsc
Update helm test snapshot
d350533
@venkatsc
Update storage class examples
3f98044 
.. and add comment about optional user/group.
@venkatsc venkatsc merged commit f6d1d3f into master Feb 3, 2025
1 check passed
@venkatsc venkatsc deleted the use_who_am_i branch February 12, 2025 09:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@venkatsc