Skip to content

improvement: init spock security context #30

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
kevinpthorne wants to merge 6 commits into
base: main
Choose a base branch
from
Open

improvement: init spock security context #30

kevinpthorne wants to merge 6 commits into from

Conversation

@kevinpthorne
Copy link

@kevinpthorne kevinpthorne commented Dec 30, 2025
edited
Loading

Before this PR

init-spock job could not run in a hardened, restricted k8s namespace

After this PR

init-spock runs under a restricted security level by default, with editable values.

@kevinpthorne kevinpthorne marked this pull request as ready for review December 30, 2025 20:54
@kevinpthorne
Copy link
Author

kevinpthorne commented Dec 30, 2025

I have a feeling I shouldn't have bumped the version. I'll revert those changes too

@kevinpthorne kevinpthorne force-pushed the kevinpthorne/spock-security-context branch from 38edbe4 to db49e6e Compare December 30, 2025 21:14
@kevinpthorne kevinpthorne force-pushed the kevinpthorne/spock-security-context branch from db49e6e to 2192a1e Compare December 30, 2025 21:14
@kevinpthorne kevinpthorne force-pushed the kevinpthorne/spock-security-context branch from cd6a02b to 498bc49 Compare December 30, 2025 21:41
@kevinpthorne kevinpthorne force-pushed the kevinpthorne/spock-security-context branch from 498bc49 to 909c2ca Compare December 30, 2025 21:41
@kevinpthorne
Copy link
Author

kevinpthorne commented Dec 30, 2025

Tested on my local cluster ✅

@kevinpthorne
Copy link
Author

kevinpthorne commented Dec 30, 2025

the init job is failing due to not being able to authenticate with the rw host. Looking into why -- hoping its not related to this change.

@kevinpthorne
Copy link
Author

kevinpthorne commented Dec 30, 2025

I had a bad hba config - this looks like it works:

🎯 Configuring Spock for nodes:
 - 🖖 Node: test-data | Hostname: pgedge-cluster-test-data-rw
🔎 Found clusters in namespace pgedge: ['pgedge-cluster-test-data']
✅ All CloudNativePG clusters in namespace ready
✅ pgedge-cluster-test-data-rw is accepting connections
👤 Creating user pgedge on test-data
🖖 Created spock node test-data on pgedge-cluster-test-data-rw
🎉 Spock configuration successfully updated

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kevinpthorne