Skip to content

Change default user id and gid #916

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 9, 2025
Merged

Change default user id and gid #916

merged 3 commits into from
May 9, 2025

Conversation

lfrancke
Copy link
Member

@lfrancke lfrancke commented Nov 5, 2024
edited
Loading

Description

Part of stackabletech/issues#645

Change default user id and gid to the same ones we use in the operators themselves.
These are only the defaults that are used when a Pod does not specify their own securityContext.runAsUser or runAsGroup.

As of now all our operators do set these (and fsGroup) to 1000 and 0 respectively.
As the next step we want to remove that hardcoding so the default would then fall back to what we specify here.

Therefore I do believe that this PR should be a simple change with no downstream consequences until the PRs from stackabletech/issues#651 are merged.

Definition of Done Checklist

  • Changes are OpenShift compatible
  • Add an entry to the CHANGELOG.md file
  • Integration tests ran successfully
TIP: Running integration tests with a new product image

The image can be built and uploaded to the kind cluster with the following commands:

bake --product <product> --image-version <stackable-image-version>
kind load docker-image <image-tagged-with-the-major-version> --name=<name-of-your-test-cluster>

See the output of bake to retrieve the image tag for <image-tagged-with-the-major-version>.

@stackable-bot
Copy link
Contributor

stackable-bot commented Nov 5, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

@lfrancke lfrancke self-assigned this Nov 5, 2024
@lfrancke lfrancke mentioned this pull request Nov 15, 2024
Open
26 tasks
@lfrancke lfrancke force-pushed the push-kynqsyykoyxq branch 2 times, most recently from 8f359e6 to 062ee3f Compare November 19, 2024 16:55
This was referenced May 6, 2025
Merged
Merged
@lfrancke lfrancke force-pushed the push-kynqsyykoyxq branch from 062ee3f to 9c0ba33 Compare May 7, 2025 20:43
@lfrancke lfrancke marked this pull request as ready for review May 7, 2025 20:45
@lfrancke lfrancke moved this from Development: In Progress to Development: Waiting for Review in Stackable Engineering May 7, 2025
sbernauer
sbernauer reviewed May 8, 2025
View reviewed changes
@sbernauer sbernauer moved this from Development: Waiting for Review to Development: In Review in Stackable Engineering May 8, 2025
@lfrancke lfrancke requested a review from sbernauer May 8, 2025 15:11
@lfrancke lfrancke force-pushed the push-kynqsyykoyxq branch from bf5a6a4 to 826434c Compare May 8, 2025 15:39
@lfrancke lfrancke enabled auto-merge May 8, 2025 15:40
@lfrancke lfrancke added this pull request to the merge queue May 9, 2025
@sbernauer sbernauer moved this from Development: In Review to Development: Done in Stackable Engineering May 9, 2025
Merged via the queue into main with commit b4b5a33 May 9, 2025
3 checks passed
@lfrancke lfrancke deleted the push-kynqsyykoyxq branch May 9, 2025 05:37
@lfrancke lfrancke added the release-note Denotes a PR that will be considered when it comes time to generate release notes. label May 9, 2025
@lfrancke
Copy link
Member Author

lfrancke commented May 9, 2025

Release Notes

The default user id and group id used by all our docker images was 1000. This has now been changed to high random numbers (782252253 / 574654813 respectively). Additionally our operators also hardcoded these values. This also changed which means that the user ids and group ids will change as of this release. This is for security purposes to reduce the chance of overlaps with existing ids on the host.

@lfrancke lfrancke moved this from Development: Done to Done in Stackable Engineering May 9, 2025
lfrancke added a commit that referenced this pull request May 12, 2025
@lfrancke
Revert "Change default user id and gid (#916)"
a03e845 
This reverts commit b4b5a33.
github-merge-queue bot pushed a commit that referenced this pull request May 12, 2025
@lfrancke
Revert "Change default user id and gid (#916)" (#1115)
d803a8e 
This reverts commit b4b5a33.
This was referenced May 20, 2025
Merged
Merged
Merged
This was referenced May 28, 2025
Merged
Merged
Merged
Merged
Merged
Merged
@lfrancke lfrancke removed release-note Denotes a PR that will be considered when it comes time to generate release notes. release/25.7.0 labels Jun 1, 2025
@lfrancke
Copy link
Member Author

lfrancke commented Jun 1, 2025

This was reverted in #1115 and needs to be reapplied once Step 2 from the issue to not hardcode uid & gid in operators is finished.

@lfrancke lfrancke mentioned this pull request Jun 2, 2025
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sbernauer sbernauer sbernauer approved these changes

Assignees

@lfrancke lfrancke

Labels
None yet
Projects
Stackable Engineering
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lfrancke @stackable-bot @sbernauer