From f14899a59b5eaaab9d67e8f4f518c5226ec16390 Mon Sep 17 00:00:00 2001
From: Jonathan Yu
Date: Sat, 27 May 2023 11:13:23 -0700
Subject: [PATCH 1/3] chore: update godoc for pod and container security context

Add detailed description of SecurityContext and PodSecurityContext fields.
---
 apis/v1alpha1/opentelemetrycollector_types.go | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/apis/v1alpha1/opentelemetrycollector_types.go b/apis/v1alpha1/opentelemetrycollector_types.go
index c95d64e436..e572afe59f 100644
--- a/apis/v1alpha1/opentelemetrycollector_types.go
+++ b/apis/v1alpha1/opentelemetrycollector_types.go
@@ -123,10 +123,25 @@ type OpenTelemetryCollectorSpec struct {
 //
 // +optional
 Autoscaler *AutoscalerSpec `json:"autoscaler,omitempty"`
- // SecurityContext will be set as the container security context.
+ // SecurityContext configures the container security context for
+ // the opentelemetry-collector container.
+ //
+ // In deployment, daemonset, or statefulset mode, this controls
+ // the security context settings for the primary application
+ // container.
+ //
+ // In sidecar mode, this controls the security context for the
+ // injected sidecar container.
+ //
 // +optional
 SecurityContext *v1.SecurityContext `json:"securityContext,omitempty"`
-
+ // PodSecurityContext configures the pod security context for the
+ // opentelemetry-collector pod, when running as a deployment, daemonset,
+ // or statefulset.
+ //
+ // In sidecar mode, the opentelemetry-operator will ignore this setting.
+ //
+ // +optional
 PodSecurityContext *v1.PodSecurityContext `json:"podSecurityContext,omitempty"`
 // PodAnnotations is the set of annotations that will be attached to
 // Collector and Target Allocator pods.
From 910092ae32e802ab9e9a4046e1c2cdbdae16ac29 Mon Sep 17 00:00:00 2001
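Review bot: The sidecar-mode caveat on PodSecurityContext sits in a later godoc paragraph, and the regenerated CRD descriptions and docs/api.md in patches 2/3 and 3/3 stop at "daemonset, or statefulset.", so anyone reading `kubectl explain` or the API reference never learns the field is ignored for sidecars. That matters for hardening: pod-level settings such as `runAsNonRoot` or `fsGroup` placed here have no effect in sidecar mode, and nothing in the published schema says so. Presumably the generator keeps only the leading part of the comment (confirm against the controller-gen options); putting the caveat in the first sentence would carry it through, e.g. `// PodSecurityContext configures the pod security context for the collector pod in deployment, daemonset, or statefulset mode; it is ignored in sidecar mode.` The per-mode paragraphs added for SecurityContext are likewise absent from the generated descriptions. The struct begins and ends outside this hunk.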
From: Jonathan Yu
Date: Mon, 28 Aug 2023 10:54:30 -0700
Subject: [PATCH 2/3] make bundle

---
 .../opentelemetry-operator.clusterserviceversion.yaml | 2 +-
 .../opentelemetry.io_opentelemetrycollectors.yaml | 10 +++++-----
 .../opentelemetry.io_opentelemetrycollectors.yaml | 10 +++++-----
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/bundle/manifests/opentelemetry-operator.clusterserviceversion.yaml b/bundle/manifests/opentelemetry-operator.clusterserviceversion.yaml
index 64d5b2402d..c58aaaf486 100644
--- a/bundle/manifests/opentelemetry-operator.clusterserviceversion.yaml
+++ b/bundle/manifests/opentelemetry-operator.clusterserviceversion.yaml
@@ -31,7 +31,7 @@ metadata:
 categories: Logging & Tracing
 certified: "false"
 containerImage: ghcr.io/open-telemetry/opentelemetry-operator/opentelemetry-operator
- createdAt: "2023-08-18T14:30:49Z"
+ createdAt: "2023-08-28T17:54:06Z"
 description: Provides the OpenTelemetry components, including the Collector
 operators.operatorframework.io/builder: operator-sdk-v1.29.0
 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
diff --git a/bundle/manifests/opentelemetry.io_opentelemetrycollectors.yaml b/bundle/manifests/opentelemetry.io_opentelemetrycollectors.yaml
index c0b671a75c..b8ea7b1ec2 100644
--- a/bundle/manifests/opentelemetry.io_opentelemetrycollectors.yaml
+++ b/bundle/manifests/opentelemetry.io_opentelemetrycollectors.yaml
@@ -3703,9 +3703,9 @@ spec:
 attached to Collector and Target Allocator pods.
 type: object
 podSecurityContext:
- description: PodSecurityContext holds pod-level security attributes
- and common container settings. Some fields are also present in container.securityContext. Field
- values of container.
+ description: PodSecurityContext configures the pod security context
+ for the opentelemetry-collector pod, when running as a deployment,
+ daemonset, or statefulset.
 properties:
 fsGroup:
 description: "A special supplemental group that applies to all
@@ -3928,8 +3928,8 @@ spec:
 type: object
 type: object
 securityContext:
- description: SecurityContext will be set as the container security
- context.
+ description: SecurityContext configures the container security context
+ for the opentelemetry-collector container.
 properties:
 allowPrivilegeEscalation:
 description: AllowPrivilegeEscalation controls whether a process
diff --git a/config/crd/bases/opentelemetry.io_opentelemetrycollectors.yaml b/config/crd/bases/opentelemetry.io_opentelemetrycollectors.yaml
index 708270faae..efef24c324 100644
--- a/config/crd/bases/opentelemetry.io_opentelemetrycollectors.yaml
+++ b/config/crd/bases/opentelemetry.io_opentelemetrycollectors.yaml
@@ -3700,9 +3700,9 @@ spec:
 attached to Collector and Target Allocator pods.
 type: object
 podSecurityContext:
- description: PodSecurityContext holds pod-level security attributes
- and common container settings. Some fields are also present in container.securityContext. Field
- values of container.
+ description: PodSecurityContext configures the pod security context
+ for the opentelemetry-collector pod, when running as a deployment,
+ daemonset, or statefulset.
 properties:
 fsGroup:
 description: "A special supplemental group that applies to all
@@ -3925,8 +3925,8 @@ spec:
 type: object
 type: object
 securityContext:
- description: SecurityContext will be set as the container security
- context.
+ description: SecurityContext configures the container security context
+ for the opentelemetry-collector container.
 properties:
 allowPrivilegeEscalation:
 description: AllowPrivilegeEscalation controls whether a process
From 8ee95e59cbef910b03da6bfbf42390c734beaf8c Mon Sep 17 00:00:00 2001
From: Jonathan Yu
Date: Mon, 28 Aug 2023 11:26:03 -0700
Subject: [PATCH 3/3] re-run make api-docs

---
 docs/api.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/api.md b/docs/api.md
index ad00221c45..1ea9410eda 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -3764,7 +3764,7 @@ OpenTelemetryCollectorSpec defines the desired state of OpenTelemetryCollector. podSecurityContext object - PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.
+ PodSecurityContext configures the pod security context for the opentelemetry-collector pod, when running as a deployment, daemonset, or statefulset.
false @@ -3801,7 +3801,7 @@ OpenTelemetryCollectorSpec defines the desired state of OpenTelemetryCollector. securityContext object - SecurityContext will be set as the container security context.
+ SecurityContext configures the container security context for the opentelemetry-collector container.
false @@ -11422,7 +11422,7 @@ Metrics defines the metrics configuration for operands. -PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container. +PodSecurityContext configures the pod security context for the opentelemetry-collector pod, when running as a deployment, daemonset, or statefulset. @@ -11821,7 +11821,7 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. -SecurityContext will be set as the container security context. +SecurityContext configures the container security context for the opentelemetry-collector container.