From 48235bc0f73e42308198e892a633bdc533c022f7 Mon Sep 17 00:00:00 2001 From: Marcin Dobosz Date: Wed, 13 Dec 2023 13:49:32 +0100 Subject: [PATCH] Revert "[Issue #741] Add fsGroup for runtime pod (#743)" This reverts commit 2cd631cf8455d58d63bb1c483346681c0a74e95d. --- .../deployer/k8s/apps/AppResourcesFactory.java | 18 ++++++++++++------ .../k8s/apps/AppResourcesFactoryTest.java | 8 -------- 2 files changed, 12 insertions(+), 14 deletions(-) diff --git a/langstream-k8s-deployer/langstream-k8s-deployer-core/src/main/java/ai/langstream/deployer/k8s/apps/AppResourcesFactory.java b/langstream-k8s-deployer/langstream-k8s-deployer-core/src/main/java/ai/langstream/deployer/k8s/apps/AppResourcesFactory.java index ae49260b9..ba12db6bd 100644 --- a/langstream-k8s-deployer/langstream-k8s-deployer-core/src/main/java/ai/langstream/deployer/k8s/apps/AppResourcesFactory.java +++ b/langstream-k8s-deployer/langstream-k8s-deployer-core/src/main/java/ai/langstream/deployer/k8s/apps/AppResourcesFactory.java @@ -32,7 +32,18 @@ import ai.langstream.runtime.api.application.ApplicationSetupConstants; import ai.langstream.runtime.api.deployer.RuntimeDeployerConfiguration; import ai.langstream.runtime.api.deployer.RuntimeDeployerConstants; -import io.fabric8.kubernetes.api.model.*; +import io.fabric8.kubernetes.api.model.Container; +import io.fabric8.kubernetes.api.model.ContainerBuilder; +import io.fabric8.kubernetes.api.model.EmptyDirVolumeSource; +import io.fabric8.kubernetes.api.model.EnvVar; +import io.fabric8.kubernetes.api.model.EnvVarBuilder; +import io.fabric8.kubernetes.api.model.KeyToPathBuilder; +import io.fabric8.kubernetes.api.model.Pod; +import io.fabric8.kubernetes.api.model.Quantity; +import io.fabric8.kubernetes.api.model.Volume; +import io.fabric8.kubernetes.api.model.VolumeBuilder; +import io.fabric8.kubernetes.api.model.VolumeMount; +import io.fabric8.kubernetes.api.model.VolumeMountBuilder; import io.fabric8.kubernetes.api.model.batch.v1.Job; import io.fabric8.kubernetes.api.model.batch.v1.JobBuilder; import io.fabric8.kubernetes.client.KubernetesClient; @@ -382,7 +393,6 @@ private static Job generateJob( .withLabels(labels) .endMetadata() .withNewSpec() - .withSecurityContext(getPodSecurityContext()) .withTolerations(podTemplate != null ? podTemplate.tolerations() : null) .withNodeSelector(podTemplate != null ? podTemplate.nodeSelector() : null) .withServiceAccountName(serviceAccountName) @@ -456,10 +466,6 @@ private static Map getPodAnnotations(PodTemplate podTemplate) { return annotations; } - private static PodSecurityContext getPodSecurityContext() { - return new PodSecurityContextBuilder().withFsGroup(10_000L).build(); - } - public static Map getLabelsForDeployer(boolean delete, String applicationId) { return Map.of( CRDConstants.COMMON_LABEL_APP, diff --git a/langstream-k8s-deployer/langstream-k8s-deployer-core/src/test/java/ai/langstream/deployer/k8s/apps/AppResourcesFactoryTest.java b/langstream-k8s-deployer/langstream-k8s-deployer-core/src/test/java/ai/langstream/deployer/k8s/apps/AppResourcesFactoryTest.java index 9e98f1620..e04465590 100644 --- a/langstream-k8s-deployer/langstream-k8s-deployer-core/src/test/java/ai/langstream/deployer/k8s/apps/AppResourcesFactoryTest.java +++ b/langstream-k8s-deployer/langstream-k8s-deployer-core/src/test/java/ai/langstream/deployer/k8s/apps/AppResourcesFactoryTest.java @@ -127,8 +127,6 @@ void testDeployerJob() { - mountPath: /cluster-runtime-config name: cluster-runtime-config restartPolicy: Never - securityContext: - fsGroup: 10000 serviceAccountName: my-tenant volumes: - emptyDir: {} @@ -228,8 +226,6 @@ void testDeployerJob() { - mountPath: /cluster-runtime-config name: cluster-runtime-config restartPolicy: Never - securityContext: - fsGroup: 10000 serviceAccountName: my-tenant volumes: - emptyDir: {} @@ -346,8 +342,6 @@ void testSetupJob() { - mountPath: /cluster-runtime-config name: cluster-runtime-config restartPolicy: Never - securityContext: - fsGroup: 10000 serviceAccountName: runtime-my-tenant volumes: - emptyDir: {} @@ -444,8 +438,6 @@ void testSetupJob() { - mountPath: /cluster-runtime-config name: cluster-runtime-config restartPolicy: Never - securityContext: - fsGroup: 10000 serviceAccountName: runtime-my-tenant volumes: - emptyDir: {}