Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: Remove specification of user id for the Redis workload #5863

Merged
merged 4 commits into from
Apr 2, 2021

Conversation

sbose78
Copy link
Contributor

@sbose78 sbose78 commented Mar 25, 2021

Since we've already set runAsNonRoot: true for the redis workload, we shouldn't need to set the user id in the manifests anymore. When the user id is not set, the process would get run as USER 999 / redis . See redis/docker-library-redis#275 (comment)

Also, some distributions of Kubernetes, example OpenShift "automatically" assign a non-root user id. I've tested this change on OpenShift.

Given that the specification of user id is not needed either way, I feel, we should clean this up. This undoes https://github.com/argoproj/argo-cd/pull/4800/files .

sbose78 added 2 commits March 24, 2021 23:03
Signed-off-by: Shoubhik Bose <shbose@redhat.com>
Signed-off-by: Shoubhik Bose <shbose@redhat.com>
@sbose78 sbose78 changed the title Remove redis user Remove specification of user id for the Redis workload Mar 25, 2021
@jannfis
Copy link
Member

jannfis commented Mar 30, 2021

Can you please fix the unit tests here. We do count the number of manifests generated there, and since you've removed a Role manifest, the number is not equal to the one expected anymore.

@sbose78
Copy link
Contributor Author

sbose78 commented Mar 30, 2021 via email

@sbose78
Copy link
Contributor Author

sbose78 commented Apr 1, 2021

Done!

@codecov
Copy link

codecov bot commented Apr 1, 2021

Codecov Report

Merging #5863 (ee28373) into master (d085636) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master    #5863   +/-   ##
=======================================
  Coverage   40.91%   40.91%           
=======================================
  Files         147      147           
  Lines       19635    19635           
=======================================
  Hits         8033     8033           
  Misses      10497    10497           
  Partials     1105     1105           

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d085636...ee28373. Read the comment docs.

Copy link
Member

@jannfis jannfis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@jannfis jannfis merged commit dc4eaff into argoproj:master Apr 2, 2021
yujunz added a commit to abcue/argo-cd that referenced this pull request Apr 7, 2021
* 4f9c500 (upstream/master) docs: k8s version in Ingress Configuration documentation (argoproj#5727)
* 7c88ac8 feat: Allow to pass Kubernetes configuration overrides (argoproj#5906)
* 834a5fa chore: Change grammar in high_availability.md (argoproj#5964)
* 2a2b81f fix: Improvements to mobile UI (argoproj#5965)
* f06fc0d feat: allow per-version kustomize options (argoproj#5967)
* 92c7ca0 chore: make argocd gitpod friendly (argoproj#5973)
* 1bc3348 Upgrade gitops-engine (argoproj#5972)
* a686f12 fix: run dex as nonroot (argoproj#5815)
* ed5c5b6 chore: Update go-git to v5 (argoproj#5520)
* ac3d4cc fix: correct package name in Makefile (argoproj#5960)
* 24b2cac chore: fix incorrect image name in 'publish' CI job (argoproj#5956)
* b37eee1 chore: fix invalid IMAGE_NAMESPACE in image 'publish' CI job (argoproj#5953)
* dc4eaff chore: Remove specification of user id for the Redis workload (argoproj#5863)
* 8eeb9a0 chore: use clusterrolebinding v1 (argoproj#5939)
* 7945286 docs: clarify that the certificate must be in PEM format (argoproj#5946)
* de522bf chore: migrate argocd dev images to ghcr.io (argoproj#5948)
* 0a53fb1 chore(deps): bump y18n from 4.0.0 to 4.0.1 in /ui (argoproj#5919)
* ae49b45 chore: Upgrade Go module to v2 (argoproj#5931)
* a2ebe15 add user (argoproj#5938)
* 7f5a23d Update USERS.md (argoproj#5835)
* 24218b4 docs: Propose an enhancement proposal process (argoproj#5771)
shubhamagarwal19 pushed a commit to shubhamagarwal19/argo-cd that referenced this pull request Apr 15, 2021
…oj#5863)

* fix: avoid specifying redis user

Signed-off-by: Shoubhik Bose <shbose@redhat.com>

* fix: generate manifests

Signed-off-by: Shoubhik Bose <shbose@redhat.com>

* chore: one less manifest

Signed-off-by: Shoubhik Bose <shbose@redhat.com>
kshamajain99 pushed a commit to kshamajain99/argo-cd that referenced this pull request Apr 16, 2021
…oj#5863)

* fix: avoid specifying redis user

Signed-off-by: Shoubhik Bose <shbose@redhat.com>

* fix: generate manifests

Signed-off-by: Shoubhik Bose <shbose@redhat.com>

* chore: one less manifest

Signed-off-by: Shoubhik Bose <shbose@redhat.com>
@jannfis jannfis changed the title Remove specification of user id for the Redis workload chore: Remove specification of user id for the Redis workload Jul 5, 2021
@chrisob
Copy link
Contributor

chrisob commented Sep 6, 2021

@jannfis @sbose78 Looks like this PR isn't quite working on OpenShift, as of Argo CD 2.1.2 the HA manifests still try to runAsUser: 1000 for redis-related workloads:

https://github.com/argoproj/argo-cd/blob/v2.1.2/manifests/ha/namespace-install.yaml#L1908
https://github.com/argoproj/argo-cd/blob/v2.1.2/manifests/ha/namespace-install.yaml#L1162

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants