chore: Remove hardcoded uid and gid

Author: lfrancke

CHANGELOG.md

@@ -28,6 +28,10 @@ All notable changes to this project will be documented in this file.
 - Use versioned common structs ([#572]).
 - BREAKING: Change the label `app.kubernetes.io/name` for Spark history and connect objects to use `spark-history` and `spark-connect` instead of `spark-k8s` ([#573]).
 - BREAKING: The history Pods now have their own ClusterRole named `spark-history-clusterrole` ([#573]).
+- BREAKING: Previously this operator would hardcode the UID and GID of the Pods being created to 1000/0, this has changed now ([#575])
+  - The `runAsUser` and `runAsGroup` fields will not be set anymore by the operator
+  - The defaults from the docker images itself will now apply, which will be different from 1000/0 going forward
+  - This is marked as breaking because tools and policies might exist, which require these fields to be set
 
 ### Fixed
 
@@ -52,6 +56,7 @@ All notable changes to this project will be documented in this file.
 [#572]: https://github.com/stackabletech/spark-k8s-operator/pull/572
 [#573]: https://github.com/stackabletech/spark-k8s-operator/pull/573
 [#574]: https://github.com/stackabletech/spark-k8s-operator/pull/574
+[#575]: https://github.com/stackabletech/spark-k8s-operator/pull/575
 
 ## [25.3.0] - 2025-03-21
 

rust/operator-binary/src/connect/server.rs

@@ -48,7 +48,7 @@ use crate::{
         constants::{
             JVM_SECURITY_PROPERTIES_FILE, LISTENER_VOLUME_DIR, LISTENER_VOLUME_NAME,
             LOG4J2_CONFIG_FILE, MAX_SPARK_LOG_FILES_SIZE, METRICS_PROPERTIES_FILE,
-            POD_TEMPLATE_FILE, SPARK_DEFAULTS_FILE_NAME, SPARK_UID, VOLUME_MOUNT_NAME_CONFIG,
+            POD_TEMPLATE_FILE, SPARK_DEFAULTS_FILE_NAME, VOLUME_MOUNT_NAME_CONFIG,
             VOLUME_MOUNT_NAME_LOG, VOLUME_MOUNT_NAME_LOG_CONFIG, VOLUME_MOUNT_PATH_CONFIG,
             VOLUME_MOUNT_PATH_LOG, VOLUME_MOUNT_PATH_LOG_CONFIG,
         },
@@ -246,8 +246,6 @@ pub(crate) fn build_stateful_set(
         )
         .context(AddVolumeSnafu)?
         .security_context(PodSecurityContext {
-            run_as_user: Some(SPARK_UID),
-            run_as_group: Some(0),
             fs_group: Some(1000),
             ..PodSecurityContext::default()
         });

rust/operator-binary/src/crd/constants.rs

@@ -86,7 +86,6 @@ pub const SPARK_DEFAULTS_FILE_NAME: &str = "spark-defaults.conf";
 pub const SPARK_ENV_SH_FILE_NAME: &str = "spark-env.sh";
 
 pub const SPARK_CLUSTER_ROLE: &str = "spark-k8s-clusterrole";
-pub const SPARK_UID: i64 = 1000;
 pub const METRICS_PORT: u16 = 18081;
 pub const HISTORY_UI_PORT: u16 = 18080;
 

rust/operator-binary/src/history/history_controller.rs

@@ -58,7 +58,7 @@ use crate::{
             HISTORY_UI_PORT, JVM_SECURITY_PROPERTIES_FILE, LISTENER_VOLUME_DIR,
             LISTENER_VOLUME_NAME, MAX_SPARK_LOG_FILES_SIZE, METRICS_PORT, OPERATOR_NAME,
             SECRET_ACCESS_KEY, SPARK_DEFAULTS_FILE_NAME, SPARK_ENV_SH_FILE_NAME,
-            SPARK_IMAGE_BASE_NAME, SPARK_UID, STACKABLE_TRUST_STORE, VOLUME_MOUNT_NAME_CONFIG,
+            SPARK_IMAGE_BASE_NAME, STACKABLE_TRUST_STORE, VOLUME_MOUNT_NAME_CONFIG,
             VOLUME_MOUNT_NAME_LOG, VOLUME_MOUNT_NAME_LOG_CONFIG, VOLUME_MOUNT_PATH_CONFIG,
             VOLUME_MOUNT_PATH_LOG, VOLUME_MOUNT_PATH_LOG_CONFIG,
         },
@@ -544,8 +544,6 @@ fn build_stateful_set(
         )
         .context(AddVolumeSnafu)?
         .security_context(PodSecurityContext {
-            run_as_user: Some(SPARK_UID),
-            run_as_group: Some(0),
             fs_group: Some(1000),
             ..PodSecurityContext::default()
         });

rust/operator-binary/src/spark_k8s_controller.rs

@@ -1023,8 +1023,6 @@ fn build_spark_role_serviceaccount(
 
 fn security_context() -> PodSecurityContext {
     PodSecurityContext {
-        run_as_user: Some(SPARK_UID),
-        run_as_group: Some(0),
         fs_group: Some(1000),
         ..PodSecurityContext::default()
     }