Skip to content

Fixing SCC issues for bucket logging#1391

Merged
jackyalbo merged 1 commit intonoobaa:masterfrom
jackyalbo:jacky_scc3000
Jul 23, 2024
Merged

Fixing SCC issues for bucket logging#1391
jackyalbo merged 1 commit intonoobaa:masterfrom
jackyalbo:jacky_scc3000

Conversation

@jackyalbo
Copy link
Contributor

@jackyalbo jackyalbo commented Jul 17, 2024

Explain the changes

  1. Added SA/Role/Rolebinding for noobaa-core pod. As I don't think any additional SSC caps over noobaa-db used this SCC
  2. Fixed noobaa-endpoint SCC to use MustRunAs instead RunAsAny to avoid inner namespace s3linux labeling - which blocks access between endpoints and core and between endpoints.

Issues: Fixed #xxx / Gap #xxx

Testing Instructions:

  • Doc added/updated
  • Tests added

@jackyalbo jackyalbo requested a review from dannyzaken July 17, 2024 15:29
@jackyalbo
Fixing scc issues for bucket logging
d95e476 
Signed-off-by: jackyalbo <jacky.albo@gmail.com>
@jackyalbo jackyalbo merged commit be3fe5e into noobaa:master Jul 23, 2024
@shirady shirady mentioned this pull request Oct 29, 2024
Merged
2 tasks
shirady added a commit to shirady/noobaa-operator that referenced this pull request Oct 29, 2024
@shirady
Docs | STS | Update Docs (noobaa core service account name changed)
e0a4df4 
1. In PR Fixing SCC issues for bucket logging noobaa#1391 the service account name of statefulset-core.yaml was changed from "noobaa" to 'noobaa-core" (see here), hence we update the existing docs related to AWS STS.
2. Added a comment near the service account name, in case someone would change it so it would know that there additional actions and impact on users of existing deployed AWS STS clusters for this change.
3. Added a section in the troubleshooting for such case, or for partial trust policy (that doesn't have the new service account).

Signed-off-by: shirady <57721533+shirady@users.noreply.github.com>
ezio-auditore pushed a commit to ezio-auditore/noobaa-operator that referenced this pull request Jan 13, 2025
@shirady
Docs | STS | Update Docs (noobaa core service account name changed)
7d11e50 
1. In PR Fixing SCC issues for bucket logging noobaa#1391 the service account name of statefulset-core.yaml was changed from "noobaa" to 'noobaa-core" (see here), hence we update the existing docs related to AWS STS.
2. Added a comment near the service account name, in case someone would change it so it would know that there additional actions and impact on users of existing deployed AWS STS clusters for this change.
3. Added a section in the troubleshooting for such case, or for partial trust policy (that doesn't have the new service account).

Signed-off-by: shirady <57721533+shirady@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dannyzaken dannyzaken dannyzaken approved these changes

Assignees

No one assigned

Labels

size/L

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jackyalbo @dannyzaken