chore: document minimal security context settings #1278
Conversation
|
|
README.md
Outdated
|
|
||
| You can optionally configure `runAsUser` and set it to `10001`, as this is the `USER` defined in the [opentelemetry-collector Dockerfile](https://github.com/open-telemetry/opentelemetry-collector-releases/blob/main/distributions/otelcol/Dockerfile). In OpenShift, however, configuring this explicitly will conflict with the default `restricted` Security Context Constraint, which runs pods with a project/namespace-specific User ID (UID). | ||
|
|
||
| For a full list of settings, consult the type definition in [opentelemetrycollector_types.go](./apis/v1alpha1/opentelemetrycollector_types.go) or [API docs](./docs/api.md). |
There was a problem hiding this comment.
This line might not be necessary, since the API docs are mentioned at the top. Happy to remove it according to your preference!
There was a problem hiding this comment.
yes, we can remove this line
README.md
Outdated
|
|
||
| You can optionally configure `runAsUser` and set it to `10001`, as this is the `USER` defined in the [opentelemetry-collector Dockerfile](https://github.com/open-telemetry/opentelemetry-collector-releases/blob/main/distributions/otelcol/Dockerfile). In OpenShift, however, configuring this explicitly will conflict with the default `restricted` Security Context Constraint, which runs pods with a project/namespace-specific User ID (UID). | ||
|
|
||
| For a full list of settings, consult the type definition in [opentelemetrycollector_types.go](./apis/v1alpha1/opentelemetrycollector_types.go) or [API docs](./docs/api.md). |
There was a problem hiding this comment.
yes, we can remove this line
|
Ah, apologies, I need to clear up the CLA issue before I can proceed |
jawnsy
force-pushed
the
document-restricted-security-context
branch
from
588c80a
to
f5ecbe1
Compare
|
Sorry for the long delay, and thanks for your patience. I've rebased and addressed comments (removed the reference to the API file), and this pull request is now ready for another review. |
TylerHelmuth
added
the
Skip Changelog
|
Any update on this? |
Add documentation that describes how to use opentelemetry-operator in restrictive clusters, such as enabling runAsRoot, dropping capabilities, and configuring seccomp confinement.
jawnsy
force-pushed
the
document-restricted-security-context
branch
from
f5ecbe1
to
a39a5e0
Compare
|
@pavolloffay @frzifus Hey, I've rebased and this should be ready for review when you have a moment! |
|
Awesome thanks @jawnsy |
|
Thanks guys. Greatly appreciated. |
|
@jawnsy Still need one more for this to get merged <3 |
@R011y Sorry, can you please clarify -- what are the next steps here? Do I need to make more changes, or are we waiting for another review? |
Just needs another review. No changes requested. |
|
Just for awareness in case others come across this issue: |
|
Add me as a reviewer if you want @jawnsy, if that's possible. |
|
@R011y mind reviewing this so i can merge this finally? |
Add documentation that describes how to use opentelemetry-operator in restrictive clusters, such as enabling runAsRoot, dropping capabilities, and configuring seccomp confinement.
Closes: #1264