VZ-8024: update fluentd daemonset to meet pod and container security standards #5072

Merged
merged 9 commits into from Jan 12, 2023

@adiforluls adiforluls commented Jan 6, 2023

PR to add pod and container security context to fluentd. Tried to run the pod as the non-root fluent user, but from local testing, and from some issues reported on the internet and GitHub, it's not feasible (Refs: Some info here and here). The /var/log dir mounted from the host node is owned by root; we don't control enough to make this work.

After dropping all caps from the fluentd container, had to add back the DAC_OVERRIDE cap for the input tail plugin (found info here). Without this, some logs were not being sent due to permission problems.

Also updated e2e tests.
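
An added example (not code from this PR or the Verrazzano repository): a small Python check that a container spec matches the posture described in the comment above, with all capabilities dropped and only DAC_OVERRIDE added back. The function name `audit_container` and both sample specs are constructed for illustration; the keys are standard Kubernetes `securityContext` fields.

```python
# Added illustration: audit one container's securityContext against the posture
# stated in the PR description. Sample specs are constructed, not the project's manifests.

# The only capability the description says had to be added back (for the tail input plugin).
ALLOWED_ADDED_CAPS = {"DAC_OVERRIDE"}


def audit_container(container, allowed_caps=ALLOWED_ADDED_CAPS):
    """Return a list of findings; an empty list means the container passes."""
    findings = []
    sc = container.get("securityContext") or {}
    caps = sc.get("capabilities") or {}
    dropped = {c.upper() for c in caps.get("drop") or []}
    added = {c.upper() for c in caps.get("add") or []}

    if "ALL" not in dropped:
        findings.append("capabilities.drop does not include ALL")
    extra = sorted(added - allowed_caps)
    if extra:
        findings.append("unexpected added capabilities: " + ", ".join(extra))
    if sc.get("privileged", False):
        findings.append("privileged is true")
    # An unset allowPrivilegeEscalation behaves as true, so require an explicit false.
    if sc.get("allowPrivilegeEscalation") is not False:
        findings.append("allowPrivilegeEscalation is not explicitly false")
    # runAsUser/runAsNonRoot are deliberately not checked: the description says
    # running fluentd as non-root was not feasible with the root-owned /var/log mount.
    return findings


# Constructed sample: the hardened shape the description outlines.
HARDENED = {
    "name": "fluentd",
    "securityContext": {
        "privileged": False,
        "allowPrivilegeEscalation": False,
        "capabilities": {"drop": ["ALL"], "add": ["DAC_OVERRIDE"]},
    },
}
# Constructed sample: a weak spec that should produce findings.
WEAK = {
    "name": "fluentd",
    "securityContext": {"privileged": True, "capabilities": {"add": ["SYS_ADMIN"]}},
}

if __name__ == "__main__":
    for label, spec in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_container(spec) or "OK")
```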


sonarcloud bot commented Jan 12, 2023

Kudos, SonarCloud Quality Gate passed!

0 Bugs (A)
0 Vulnerabilities (A)
0 Security Hotspots (A)
0 Code Smells (A)

No Coverage information
0.0% Duplication

@adiforluls adiforluls merged commit 3b3cee5 into master Jan 12, 2023
@adiforluls adiforluls deleted the aditya/VZ-8024 branch January 12, 2023 13:50