-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: Remove specification of user id for the Redis workload #5863
Conversation
Signed-off-by: Shoubhik Bose <shbose@redhat.com>
Signed-off-by: Shoubhik Bose <shbose@redhat.com>
Can you please fix the unit tests here. We do count the number of manifests generated there, and since you've removed a Role manifest, the number is not equal to the one expected anymore. |
Thank you for the hint, I'll fix it.
…On Tue, Mar 30, 2021, 14:42 jannfis ***@***.***> wrote:
Can you please fix the unit tests here
<https://github.com/argoproj/argo-cd/blob/75a1ea0c6183dc74d940547ebb220b5a5bb6bd63/reposerver/repository/repository_test.go#L132>.
We do count the number of manifests generated there, and since you've
removed a Role manifest, the number is not equal to the one expected
anymore.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#5863 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAEFEADCAB5YFSIDEL7BVALTGILPTANCNFSM4ZYRO3SA>
.
|
Signed-off-by: Shoubhik Bose <shbose@redhat.com>
Done! |
Codecov Report
@@ Coverage Diff @@
## master #5863 +/- ##
=======================================
Coverage 40.91% 40.91%
=======================================
Files 147 147
Lines 19635 19635
=======================================
Hits 8033 8033
Misses 10497 10497
Partials 1105 1105 Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks!
* 4f9c500 (upstream/master) docs: k8s version in Ingress Configuration documentation (argoproj#5727) * 7c88ac8 feat: Allow to pass Kubernetes configuration overrides (argoproj#5906) * 834a5fa chore: Change grammar in high_availability.md (argoproj#5964) * 2a2b81f fix: Improvements to mobile UI (argoproj#5965) * f06fc0d feat: allow per-version kustomize options (argoproj#5967) * 92c7ca0 chore: make argocd gitpod friendly (argoproj#5973) * 1bc3348 Upgrade gitops-engine (argoproj#5972) * a686f12 fix: run dex as nonroot (argoproj#5815) * ed5c5b6 chore: Update go-git to v5 (argoproj#5520) * ac3d4cc fix: correct package name in Makefile (argoproj#5960) * 24b2cac chore: fix incorrect image name in 'publish' CI job (argoproj#5956) * b37eee1 chore: fix invalid IMAGE_NAMESPACE in image 'publish' CI job (argoproj#5953) * dc4eaff chore: Remove specification of user id for the Redis workload (argoproj#5863) * 8eeb9a0 chore: use clusterrolebinding v1 (argoproj#5939) * 7945286 docs: clarify that the certificate must be in PEM format (argoproj#5946) * de522bf chore: migrate argocd dev images to ghcr.io (argoproj#5948) * 0a53fb1 chore(deps): bump y18n from 4.0.0 to 4.0.1 in /ui (argoproj#5919) * ae49b45 chore: Upgrade Go module to v2 (argoproj#5931) * a2ebe15 add user (argoproj#5938) * 7f5a23d Update USERS.md (argoproj#5835) * 24218b4 docs: Propose an enhancement proposal process (argoproj#5771)
…oj#5863) * fix: avoid specifying redis user Signed-off-by: Shoubhik Bose <shbose@redhat.com> * fix: generate manifests Signed-off-by: Shoubhik Bose <shbose@redhat.com> * chore: one less manifest Signed-off-by: Shoubhik Bose <shbose@redhat.com>
…oj#5863) * fix: avoid specifying redis user Signed-off-by: Shoubhik Bose <shbose@redhat.com> * fix: generate manifests Signed-off-by: Shoubhik Bose <shbose@redhat.com> * chore: one less manifest Signed-off-by: Shoubhik Bose <shbose@redhat.com>
@jannfis @sbose78 Looks like this PR isn't quite working on OpenShift, as of Argo CD 2.1.2 the HA manifests still try to https://github.com/argoproj/argo-cd/blob/v2.1.2/manifests/ha/namespace-install.yaml#L1908 |
Since we've already set
runAsNonRoot: true
for the redis workload, we shouldn't need to set the user id in the manifests anymore. When the user id is not set, the process would get run as USER 999 / redis . See redis/docker-library-redis#275 (comment)Also, some distributions of Kubernetes, example OpenShift "automatically" assign a non-root user id. I've tested this change on OpenShift.
Given that the specification of user id is not needed either way, I feel, we should clean this up. This undoes https://github.com/argoproj/argo-cd/pull/4800/files .