-
Notifications
You must be signed in to change notification settings - Fork 142
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
VMAlertmanager permission problems with persistent storage configuration #762
Comments
VMAlertmanager is actually using alertmanager image from prom/alertmanager which using
Prometheus operator doesn't handle or document this, and in charts, it will have a default securityContext using |
I think, it'd be great to provide It allows to perform migration for insecure components by granular changes. E.g. you can start for new components adding strict security. Migrate old ones one-by-one into new model and enforce global param at operator env, when migration finished. |
it allows to migrate from insecure deployments to strictly secured per component. #762
Hello @Munsio Close this as completed, free feel to reopen if there is problem. |
Describe the bug
In the Operator way when creating a
VMAlertmanager
CRD Object it is possible to define aspec.storage.volumeClaimTemplate
for persistent storage of logs and silence rules from Alertmanager.Unfortunately the user with witch the directory is mounted is the
root
user and the pod runs asnobody
with such a configuration the alertmanager is not able to persist the data.I know this is only applicable when not using multiple replicas of Alertmanager .
I was able to use an
initContainer
to chown the mounted directory before. Maybe this could be added in the Documentation?To Reproduce
Version
victoria-metrics-operator-0.27.0 chart with version 0.38.0
Logs
No response
Screenshots
No response
Used command-line flags
No response
Additional information
No response
The text was updated successfully, but these errors were encountered: