build: add securityContext and fix rabbitMQ cookie#233
build: add securityContext and fix rabbitMQ cookie#233viktoriaas wants to merge 11 commits intoelixir-cloud-aai:devfrom
Conversation
uniqueg
left a comment
uniqueg
left a comment
There was a problem hiding this comment.
Thanks @viktoriaas. I would like to see some comment about this being added to the deployment instructions, as I understand that (some of) this is optional. So basically mention what can be enabled, how it can be enabled, and under which circumstances this would be necessary/recommended.
Otherwise it looks fine to me. However, I'm probably not the right person for a more technical review. Maybe @zagganas and @lvarin could have a look? Also to see if this breaks anything on OpenShift.
| - /bin/sh | ||
| - -c | ||
| - | | ||
| chmod g-rw /var/lib/rabbitmq/.erlang.cookie; |
There was a problem hiding this comment.
What is this for? why is it necessary?
There was a problem hiding this comment.
I already explained in issue #233 . If rabbitMQ deployment is restarted (e.g. due to cluster failure) rabbitMQ cookie has incorrect permissions after restart ( rw-rw---- instead of rw-------). This is solved by chmod in main container before calling rabbitmq.
There was a problem hiding this comment.
The idea is to put the information about this workaround in the code itself (deployment/templates/rabbitmq/rabbitmq-deployment.yaml). Otherwise no one will ever find this information.
There was a problem hiding this comment.
comment added, is it ok now?
|
@lvarin @zagganas @uniqueg |
uniqueg
changed the title
4 participants
Details
For details see issue #232
Note
PR includes old commits from my repo. However, they are not relevant anymore and I removed the changes as they were not good. Only commits from 17 March 2022 are relevant.