cockroach-operator: Update operator so it doesn't rely on PID 0

The operator is still launching cockroachdb container processes as PID 0 - this needs to be fixed. This update should also allow us to move away from:

      - rules:
        - apiGroups:
          - security.openshift.io
          resourceNames:
          - anyuid
          resources:
          - securitycontextconstraints
          verbs:
          - use
        serviceAccountName: cockroach-database-sa

to:

      - rules:
        - apiGroups:
          - security.openshift.io
          resourceNames:
          - nonroot
          resources:
          - securitycontextconstraints
          verbs:
          - use
        serviceAccountName: cockroach-database-sa

In the openshift CSV

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 16 (16 by maintainers)

Most upvoted comments

We need to change: Command: []string{"/cockroach/cockroach"}, to Command: []string{"/cockroach/cockroach.sh"}, in https://github.com/cockroachdb/cockroach-operator/blob/master/pkg/resource/statefulset.go#L196

+1
keith-mcclellan on Mar 5, 2021
Read more comments on GitHub
← cockroach-operator: [Regression] Decommission is broken
cockroach-operator: Version checker runs but operator does not create cluster →