Skip to content

Use /root as home dir instead of /home/nonroot when running as root #1100

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
May 22, 2025
Merged

Use /root as home dir instead of /home/nonroot when running as root #1100

merged 4 commits into from
May 22, 2025

Conversation

rfranzke
Copy link
Member

How to categorize this PR?

/area usability
/kind bug

What this PR does / why we need it:
In #1088, we introduced spec.runAsRoot in the Etcd API. However, when set to true and when using the local provider for backups, the bucket path is mounted to /home/nonroot. This does not play well together with etcd-backup-restore which uses the home directory for looking up the bucket: https://github.com/gardener/etcd-backup-restore/blob/beafd20c79dd41e266c303590e3fe8cc316a46bb/pkg/snapstore/utils.go#L72-L76

This PR changes the mount path to /root when .spec.runAsRoot is set to true. The init container is not needed in this case.

Which issue(s) this PR fixes:
Follow-up of #1088

Special notes for your reviewer:
/cc @unmarshall @anveshreddy18

Release note:

NONE

@rfranzke rfranzke requested a review from a team as a code owner May 15, 2025 11:31
@gardener-robot gardener-robot added needs/review Needs review area/usability Usability related kind/bug Bug size/m Size of pull request is medium (see gardener-robot robot/bots/size.py) labels May 15, 2025
@gardener-robot-ci-1 gardener-robot-ci-1 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels May 15, 2025
@rfranzke rfranzke mentioned this pull request May 15, 2025
Open
@rfranzke
Copy link
Member Author

/cc @ishan16696 @shreyas-s-rao

ishan16696
ishan16696 reviewed May 21, 2025
View reviewed changes
rfranzke added 4 commits May 21, 2025 11:51
@rfranzke
Prefactor: Make getBackupStoreProvider func reusable
da1f538
@rfranzke
Adapt mount path for local bucket when running as root
95bc28a 
`etcd-backup-restore` uses the `os.HomeDir()` when using the local
provider, so we must mount the container properly to `/root` when
running as `root` user.
@rfranzke
Do not use init container when running as root
e1e7179 
Not needed to change the permissions when already running as root
@rfranzke
Address PR review feedback
0177b4b
@rfranzke rfranzke requested a review from ishan16696 May 21, 2025 10:06
@gardener-robot-ci-2 gardener-robot-ci-2 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label May 21, 2025
@gardener-robot-ci-1 gardener-robot-ci-1 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label May 21, 2025
ishan16696
ishan16696 approved these changes May 22, 2025
View reviewed changes
Copy link
Member

@ishan16696 ishan16696 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!!

anveshreddy18
anveshreddy18 approved these changes May 22, 2025
View reviewed changes
Copy link
Contributor

@anveshreddy18 anveshreddy18 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR. LGTM!

@ishan16696 ishan16696 merged commit ef96e8f into gardener:master May 22, 2025
13 checks passed
@gardener-robot gardener-robot added the status/closed Issue is closed (either delivered or triaged) label May 22, 2025
@rfranzke rfranzke deleted the homedir branch May 22, 2025 07:23
@shreyas-s-rao shreyas-s-rao mentioned this pull request May 29, 2025
Open
8 tasks
Shreyas-s14 pushed a commit to Shreyas-s14/etcd-druid that referenced this pull request Jun 4, 2025
@rfranzke @Shreyas-s14
Use /root as home dir instead of /home/nonroot when running as `r…
86a944e 
…oot` (gardener#1100)

* Prefactor: Make `getBackupStoreProvider` func reusable

* Adapt mount path for local bucket when running as `root`

`etcd-backup-restore` uses the `os.HomeDir()` when using the local
provider, so we must mount the container properly to `/root` when
running as `root` user.

* Do not use init container when running as root

Not needed to change the permissions when already running as root

* Address PR review feedback
@Shreyas-s14 Shreyas-s14 added this to the v0.31.0 milestone Jul 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ishan16696 ishan16696 ishan16696 approved these changes

@anveshreddy18 anveshreddy18 anveshreddy18 approved these changes

Assignees
No one assigned
Labels
area/usability Usability related kind/bug Bug needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) needs/review Needs review size/m Size of pull request is medium (see gardener-robot robot/bots/size.py) status/closed Issue is closed (either delivered or triaged)
Projects
None yet
Milestone
v0.31.0
Development

Successfully merging this pull request may close these issues.
7 participants
@rfranzke @ishan16696 @anveshreddy18 @gardener-robot-ci-1 @gardener-robot-ci-2 @gardener-robot @Shreyas-s14