Agree, there seems to be no way to fix this in the Helm charts because the functions stateful set is created outside Helm.
Created a PR to revert: https://github.com/apache/pulsar/pull/10861 -- Matteo Merli <matteo.me...@gmail.com> On Mon, Jun 7, 2021 at 6:26 PM Sijie Guo <guosi...@gmail.com> wrote: > > Penghui, > > Unfortunately, I think we have to cancel this vote. > > The change https://github.com/apache/pulsar/pull/8796 has broken the Pulsar > Functions running on Kubernetes. > > The Pulsar Functions Kubernetes runtime generates a secret and mounts it > using mode `256`. That means the secret is only able to read by the user. > The StatefulSet created by Kubernetes runtime mounts the secrets under the > `root` user. Hence only the root user is able to read the secret. This > results in any functions submitted will fail to read the authentication > information. > > Because all the Kubernetes resources generated by the Kubernetes runtime > are hardcoded. There is no easy way to change the security context for the > function statefulsets. My take here is to revert the change in > https://github.com/apache/pulsar/pull/8796 to go back to the root user > until we address the issues in the Kubernetes runtime. > > If there are other approaches to get around this issue, please let me know. > Otherwise, we have to cancel this vote. > > - Sijie > > On Mon, Jun 7, 2021 at 4:02 PM PengHui Li <peng...@apache.org> wrote: > > > Hi all, > > > > I have also pushed the docker image to my personal dockerhub account. > > If you want to verify on docker, you use use following images > > > > https://hub.docker.com/repository/docker/lph890127/pulsar > > https://hub.docker.com/repository/docker/lph890127/pulsar-all > > https://hub.docker.com/repository/docker/lph890127/pulsar-standalone > > > > Thanks, > > Penghui > > > > Matteo Merli <mme...@apache.org> 于2021年6月8日周二 上午3:31写道: > > > > > +1 binding > > > > > > Checked: > > > * Signatures > > > * Bin distribution: > > > - NOTICE, README, LICENSE > > > - Start standalone service and producer/consumer test > > > * Src distribution: > > > - NOTICE, README, LICENSE > > > - Compile and unit tests > > > - Start standalone service > > > * Checked staging maven repository artifacts > > > > > > > > > -- > > > Matteo Merli > > > <mme...@apache.org> > > > > > > On Mon, Jun 7, 2021 at 6:21 AM PengHui Li <peng...@apache.org> wrote: > > > > > > > > This is the first release candidate for Apache Pulsar, version 2.8.0. > > > > > > > > It fixes the following > > > > issues: > > > > > https://github.com/apache/pulsar/pulls?q=is%3Apr+milestone%3A2.8.0+-label%3Arelease%2F2.7.1+-label%3Arelease%2F2.7.2+is%3Aclosed > > > > > > > > *** Please download, test and vote on this release. This vote will stay > > > open > > > > for at least 72 hours *** > > > > > > > > Note that we are voting upon the source (tag), binaries are provided > > for > > > > convenience. > > > > > > > > Source and binary > > > > files: > > > https://dist.apache.org/repos/dist/dev/pulsar/pulsar-2.8.0-candidate-1/ > > > > > > > > SHA-512 checksums: > > > > > > > > > > > > > 48306629a261f78c560b449f85b58b6e66ae9c7464961ec3990784a97dcb75870f32bfe99393f60195224a66e6b29f06154230a96a7d5edecddb35618a2d69b2 > > > > apache-pulsar-2.8.0-SNAPSHOT-bin.tar.gz > > > > > > > > > 3fdab0dad99d7ef2fe9728c1b538d424ef95b208b5d1d01aa7fc23859fe8c8f82074be9ba6426f525159a33ea742ca892c34b87fa641f94c8ddbb84fbacab6eb > > > > apache-pulsar-2.8.0-SNAPSHOT-src.tar.gz > > > > > > > > Maven staging repo: > > > https://repository.apache.org/content/repositories/orgapachepulsar-1088/ > > > > > > > > The tag to be voted upon: > > > > v2.8.0-candidate-1 > > > > (73172334d15e29b7755e5792d7c577f48e54554d) > > > https://github.com/apache/pulsar/releases/tag/v2.8.0-candidate-1 > > > > > > > > Pulsar's KEYS file containing PGP keys we use to sign the > > > > release:https://dist.apache.org/repos/dist/dev/pulsar/KEYS > > > > > > > > Please download the the source package, and follow the README to build > > > > and run the Pulsar standalone service. > > > > >
