Skip to content

feat: support setting securityContext for plugin side-car containers #25

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Agalin merged 1 commit into from
Sep 15, 2025
Merged

feat: support setting securityContext for plugin side-car containers #25

Agalin merged 1 commit into from
Sep 15, 2025

Conversation

@shajia-deshaw
Copy link

@shajia-deshaw shajia-deshaw commented Sep 8, 2025
edited
Loading

Unit tests are passing:

❯ go test ./internal/cnpgi/operator -v -ginkgo.focus="security context"
=== RUN   TestOperator
...
===============================================================================================
Random Seed: 1757319980

Will run 6 of 15 specs
SSSSSSSSS••••••

Ran 6 of 15 Specs in 0.003 seconds
SUCCESS! -- 6 Passed | 0 Failed | 0 Pending | 9 Skipped
--- PASS: TestOperator (0.00s)
PASS
ok      github.com/operasoftware/cnpg-plugin-pgbackrest/internal/cnpgi/operator 0.030s

I've also tested this in our restricted cluster environment and things are now working as expected.

Fixes: #24

@shajia-deshaw shajia-deshaw changed the title feat: support setting securityContetxt for plugin side-car containers feat: support setting securityContext for plugin side-car containers Sep 8, 2025
@Agalin Agalin self-requested a review September 9, 2025 08:49
@Agalin
Copy link
Collaborator

Agalin commented Sep 9, 2025

@shajia-deshaw code looks good but you need to squash and rewrite your commits to pass the linter:

[commitlint] ✖   subject may not be empty [subject-empty]
[commitlint] ✖   type may not be empty [type-empty]
[commitlint] ✖   message must be signed off [signed-off-by]
[commitlint] ⚠   body may not be empty [body-empty]
[commitlint] ⚠   references may not be empty [references-empty]

@Agalin
Copy link
Collaborator

Agalin commented Sep 11, 2025

Pipeline is failing because two generated files have not been updated.

For the manifest.yuaml file:

kustomize build kubernetes -o manifest.yaml

The zz_generated file should be generated automatically during golang build. If not, then make build should help.

@shajia-deshaw shajia-deshaw force-pushed the dev branch 2 times, most recently from c6c9937 to 97a6155 Compare September 13, 2025 13:34
@shajia-deshaw
Copy link
Author

shajia-deshaw commented Sep 15, 2025

@Agalin The current CI error doesn't seem to be related to this PR's change?

[lint] 
[lint] Error: input: container.from.withMountedCache.withMountedCache.withFile.withoutEnvVariable.withMountedCache.withMountedCache.withMountedCache.withMountedCache.withMountedCache.withMountedCache.withMountedCache.withMountedCache.withWorkdir.withMountedDirectory.withMountedFile.withExec.stdout process "golangci-lint run --config /work/config" did not complete successfully: exit code: 1
[lint] 
[lint] Stdout:
[lint] src/internal/cnpgi/common/wal.go:18:9: var-naming: avoid meaningless package names (revive)
[lint] package common
[lint]         ^
[lint] src/internal/pgbackrest/utils/env_utils.go:17:9: var-naming: avoid meaningless package names (revive)
[lint] package utils
[lint]         ^
[lint] 2 issues:
[lint] * revive: 2
[lint]

@Agalin
Copy link
Collaborator

Agalin commented Sep 15, 2025

Yeah, I've noticed. 😞 Will try to fix it today. Also I believe we should split CI into smaller parts, it's pretty unreadable as-is.

@Agalin
Copy link
Collaborator

Agalin commented Sep 15, 2025

@shajia-deshaw if you could rebase, I hope this will be merge'able. 🙂

@shajia-deshaw
feat: add configurable SecurityContext to `InstanceSidecarConfigura…
686d09d 
…tion`

Enable PSA compliance for the plugin side-car through optional `SecurityContext`
field in `Archive` spec. Maintains backward compatibility with nil defaults.

Signed-off-by: Afeedh Shaji <[email protected]>
@Agalin
Copy link
Collaborator

Agalin commented Sep 15, 2025

Looks like we're really unlucky and, between my fix and the CI re-run, Task maintainers have tagged a few new releases but not published them, causing arduino/setup-task to fail. 🤦 It took them over 40 minutes to publish the release.

@Agalin Agalin merged commit e5aa70c into operasoftware:main Sep 15, 2025
1 of 2 checks passed
@shajia-deshaw
Copy link
Author

shajia-deshaw commented Sep 16, 2025

Thanks for merging, @Agalin! Can I know the new release version so I can use it?

@shajia-deshaw
Copy link
Author

shajia-deshaw commented Sep 16, 2025

Ah, nvm. Noticed this PR: #28 - thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Agalin Agalin Agalin approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Can we set securityContext for plugin side-car containers?

2 participants

@shajia-deshaw @Agalin