Penghui, Unfortunately, I think we have to cancel this vote.
The change https://github.com/apache/pulsar/pull/8796 has broken the Pulsar Functions running on Kubernetes. The Pulsar Functions Kubernetes runtime generates a secret and mounts it using mode `256`. That means the secret is only able to read by the user. The StatefulSet created by Kubernetes runtime mounts the secrets under the `root` user. Hence only the root user is able to read the secret. This results in any functions submitted will fail to read the authentication information. Because all the Kubernetes resources generated by the Kubernetes runtime are hardcoded. There is no easy way to change the security context for the function statefulsets. My take here is to revert the change in https://github.com/apache/pulsar/pull/8796 to go back to the root user until we address the issues in the Kubernetes runtime. If there are other approaches to get around this issue, please let me know. Otherwise, we have to cancel this vote. - Sijie On Mon, Jun 7, 2021 at 4:02 PM PengHui Li <[email protected]> wrote: > Hi all, > > I have also pushed the docker image to my personal dockerhub account. > If you want to verify on docker, you use use following images > > https://hub.docker.com/repository/docker/lph890127/pulsar > https://hub.docker.com/repository/docker/lph890127/pulsar-all > https://hub.docker.com/repository/docker/lph890127/pulsar-standalone > > Thanks, > Penghui > > Matteo Merli <[email protected]> 于2021年6月8日周二 上午3:31写道: > > > +1 binding > > > > Checked: > > * Signatures > > * Bin distribution: > > - NOTICE, README, LICENSE > > - Start standalone service and producer/consumer test > > * Src distribution: > > - NOTICE, README, LICENSE > > - Compile and unit tests > > - Start standalone service > > * Checked staging maven repository artifacts > > > > > > -- > > Matteo Merli > > <[email protected]> > > > > On Mon, Jun 7, 2021 at 6:21 AM PengHui Li <[email protected]> wrote: > > > > > > This is the first release candidate for Apache Pulsar, version 2.8.0. > > > > > > It fixes the following > > > issues: > > > https://github.com/apache/pulsar/pulls?q=is%3Apr+milestone%3A2.8.0+-label%3Arelease%2F2.7.1+-label%3Arelease%2F2.7.2+is%3Aclosed > > > > > > *** Please download, test and vote on this release. This vote will stay > > open > > > for at least 72 hours *** > > > > > > Note that we are voting upon the source (tag), binaries are provided > for > > > convenience. > > > > > > Source and binary > > > files: > > https://dist.apache.org/repos/dist/dev/pulsar/pulsar-2.8.0-candidate-1/ > > > > > > SHA-512 checksums: > > > > > > > > > 48306629a261f78c560b449f85b58b6e66ae9c7464961ec3990784a97dcb75870f32bfe99393f60195224a66e6b29f06154230a96a7d5edecddb35618a2d69b2 > > > apache-pulsar-2.8.0-SNAPSHOT-bin.tar.gz > > > > > > 3fdab0dad99d7ef2fe9728c1b538d424ef95b208b5d1d01aa7fc23859fe8c8f82074be9ba6426f525159a33ea742ca892c34b87fa641f94c8ddbb84fbacab6eb > > > apache-pulsar-2.8.0-SNAPSHOT-src.tar.gz > > > > > > Maven staging repo: > > https://repository.apache.org/content/repositories/orgapachepulsar-1088/ > > > > > > The tag to be voted upon: > > > v2.8.0-candidate-1 > > > (73172334d15e29b7755e5792d7c577f48e54554d) > > https://github.com/apache/pulsar/releases/tag/v2.8.0-candidate-1 > > > > > > Pulsar's KEYS file containing PGP keys we use to sign the > > > release:https://dist.apache.org/repos/dist/dev/pulsar/KEYS > > > > > > Please download the the source package, and follow the README to build > > > and run the Pulsar standalone service. > > >
