Allow k8s administrators to override ZNode path #681
Assignees
Labels
Comments
|
LGTM |
|
Moving this into the voting phase. |
|
No dissent, considering this accepted. |
|
Is this anything we documented? |
|
Is this already implemented? #799 looks like the implementation and is not merged yet |
|
I don't know. I found this in the |
|
Not sure how this got moved to done, #799 has indeed not been reviewed yet.
It's documented in the PR, but since that still hasn't been merged... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is currently not allowed because it would let users escalate "Is allowed to create sandboxed ZNodes" to "Is allowed to take ownership of any named ZNode".
However, this is preventing users from restoring failed clusters from backups, since there is no way to influence the UID generation at all. One possible compromise would be to introduce a new field
ZookeeperZnode.status.znodePath, which defaults to/{uid}. This would let administrators status-patch the object to override the path, while regular users are typically prohibited (by K8s) from editing the status subresource.The text was updated successfully, but these errors were encountered: