Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: pebble identities with rootless charms #17578

Merged
merged 3 commits into from
Jul 19, 2024
Merged

feat: pebble identities with rootless charms #17578

merged 3 commits into from
Jul 19, 2024

Conversation

hpidcock
Copy link
Member

@hpidcock hpidcock commented Jun 24, 2024
edited
Loading

Uses updated pebble version with pebble identities so that the charm container in a k8s deployment can run without root and connect to the pebble instances running in the workload containers (who may be running as a different user).

With this patch the charm can specify in the metadata.yaml a charm-user field with either the values root, non-root or sudoer.

charm-user user user-id
root root 0
non-root juju 170
sudoer sjuju 171

QA steps

  • test root charm can be deployed
  • test model with root charm from 3.5 can be model migrated
  • test rootless charm can be deployed (with charm-user: non-root and charm-user: sudoer) works
  • run integration tests ./main.sh -p k8s -c minikube sidecar test_rootless

Documentation changes

Document in metadata.yaml docs the charm-user field.

Links

Jira card: JUJU-5130

@hpidcock hpidcock added 3.6 dependencies Pull requests that update a dependency file do not merge Even if a PR has been approved, do not merge the PR! labels Jun 24, 2024
@hpidcock hpidcock changed the title WIP: feat: pebble identities with rootless charms feat: pebble identities with rootless charms Jul 11, 2024
@hpidcock hpidcock self-assigned this Jul 11, 2024
@hpidcock hpidcock removed has merge conflicts do not merge Even if a PR has been approved, do not merge the PR! labels Jul 18, 2024
@hpidcock hpidcock requested review from tlm and wallyworld July 18, 2024 13:47
wallyworld
wallyworld approved these changes Jul 19, 2024
View reviewed changes
Copy link
Member

@wallyworld wallyworld left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

QA went well. Like the separation of the spec tests.

@hpidcock
Copy link
Member Author

/merge

@jujubot jujubot merged commit 82dd6fd into juju:3.6 Jul 19, 2024
21 of 23 checks passed
@barrettj12 barrettj12 mentioned this pull request Jul 21, 2024
Merged
jujubot added a commit that referenced this pull request Jul 22, 2024
@jujubot
Merge pull request #17783 from barrettj12/merge-3.6-main-20240722
f71c997 
#17783

Merges the following patches:
- #17761
- #17768
- #17578
- #17764
- #17763
- #17762
- #17760
- #17745
- #17486

### Conflicts
- apiserver/facades/client/client/client.go
- apiserver/facades/client/client/client_test.go
- apiserver/facades/client/controller/controller.go
- apiserver/facades/client/controller/controller_test.go
- apiserver/facades/client/controller/destroy_test.go
- apiserver/facades/client/controller/register.go
- apiserver/facades/client/modelupgrader/upgrader_test.go
- caas/kubernetes/provider/application/application_test.go
- cmd/containeragent/initialize/command.go
- cmd/containeragent/initialize/package_test.go
- cmd/juju/metricsdebug/collectmetrics.go
- cmd/juju/metricsdebug/metrics.go
- cmd/juju/waitfor/waitfor.go
- docker/registry/mocks/registry_mock.go
- go.mod
- go.sum
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wallyworld wallyworld wallyworld approved these changes

@tlm tlm Awaiting requested review from tlm

Assignees

@hpidcock hpidcock

Labels
3.6 dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hpidcock @wallyworld @jujubot