keptn · odubajDT · Apr 23, 2024 · Apr 13, 2024 · Apr 13, 2024 · Apr 13, 2024
@@ -0,0 +1,3 @@
+global:
+  openShift:
+    enabled: true
@@ -15399,8 +15399,8 @@ spec:
             - ALL
           privileged: false
           runAsGroup: 65532
-          runAsNonRoot: true
           runAsUser: 65532
+          runAsNonRoot: true
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
@@ -15596,8 +15596,8 @@ spec:
             - ALL
           privileged: false
           runAsGroup: 65532
-          runAsNonRoot: true
           runAsUser: 65532
+          runAsNonRoot: true
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:

@@ -11965,8 +11965,8 @@ spec:
             - ALL
           privileged: false
           runAsGroup: 65532
-          runAsNonRoot: true
           runAsUser: 65532
+          runAsNonRoot: true
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:

@@ -12266,8 +12266,8 @@ spec:
             - ALL
           privileged: false
           runAsGroup: 65532
-          runAsNonRoot: true
           runAsUser: 65532
+          runAsNonRoot: true
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:

@@ -15725,8 +15725,8 @@ spec:
             - ALL
           privileged: false
           runAsGroup: 65532
-          runAsNonRoot: true
           runAsUser: 65532
+          runAsNonRoot: true
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
@@ -15937,8 +15937,8 @@ spec:
             - ALL
           privileged: false
           runAsGroup: 65532
-          runAsNonRoot: true
           runAsUser: 65532
+          runAsNonRoot: true
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:

@@ -3200,8 +3200,8 @@ spec:
             - ALL
           privileged: false
           runAsGroup: 65532
-          runAsNonRoot: true
           runAsUser: 65532
+          runAsNonRoot: true
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:

@@ -3221,8 +3221,8 @@ spec:
             - ALL
           privileged: false
           runAsGroup: 65532
-          runAsNonRoot: true
           runAsUser: 65532
+          runAsNonRoot: true
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:

@@ -3522,8 +3522,8 @@ spec:
             - ALL
           privileged: false
           runAsGroup: 65532
-          runAsNonRoot: true
           runAsUser: 65532
+          runAsNonRoot: true
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:

@@ -25,3 +25,4 @@ metrics, observability, health checks, with pre- and post-deployment evaluations
 | `global.commonLabels`           | Common labels to add to all Keptn resources. Evaluated as a template      | `{}`      |
 | `global.commonAnnotations`      | Common annotations to add to all Keptn resources. Evaluated as a template | `{}`      |
 | `global.caInjectionAnnotations` | CA injection annotations for cert-manager.io configuration                | `{}`      |
+| `global.openShift.enabled`      | Enable this value to install on Openshift                                 | `false`   |
@@ -31,3 +31,6 @@ global:
   commonAnnotations: {}
   ## @param global.caInjectionAnnotations CA injection annotations for cert-manager.io configuration
   caInjectionAnnotations: {}
+  openShift:
+    ## @param global.openShift.enabled Enable this value to install on Openshift
+    enabled: false
@@ -0,0 +1,23 @@
+---
+comments: true
+---
+
+# Installing on Openshift
+
+To install on Openshift, set the value `global.isOpenshift` in the `values.yaml` file to true.
+In practice this means that `runAsUser` and `runAsGroup` are removed, since
+Openshift sets those automatically.
+
+You can set the `global.isOpenshift` parameter when running the `helm install` command:
+
+```shell
+helm install keptn keptn --set global.openShift.enabled=true
+```
+
+or you can define it in your `values.yaml` file:
+
+```yaml
+global:
+  openShift:
+    enabled: true
+```
@@ -16,6 +16,7 @@ resource.
 | `global.commonLabels`           | Common labels to add to all Keptn resources. Evaluated as a template      | `{}`      |
 | `global.commonAnnotations`      | Common annotations to add to all Keptn resources. Evaluated as a template | `{}`      |
 | `global.caInjectionAnnotations` | CA injection annotations for cert-manager.io configuration                | `{}`      |
+| `global.openShift.enabled`      | Enable this value to install on Openshift                                 | `false`   |
 
 ### Keptn Certificate Operator common
 

@@ -56,10 +56,12 @@ spec:
             capabilities: {{- include "common.tplvalues.render" (dict "value" .Values.containerSecurityContext.capabilities "context" $) | nindent 14 }}
             readOnlyRootFilesystem: {{ .Values.containerSecurityContext.readOnlyRootFilesystem
             }}
+            {{- if not .Values.global.openShift.enabled }}
             runAsGroup: {{ .Values.containerSecurityContext.runAsGroup
             }}
             runAsUser: {{ .Values.containerSecurityContext.runAsUser
             }}
+            {{- end }}
             seccompProfile: {{- include "common.tplvalues.render" (dict "value" .Values.containerSecurityContext.seccompProfile
             "context" $) | nindent 14 }}
         {{- if .Values.livenessProbe }}

@@ -20,6 +20,9 @@ global:
   commonAnnotations: {}
   ## @param global.caInjectionAnnotations CA injection annotations for cert-manager.io configuration
   caInjectionAnnotations: { }
+  openShift:
+    ## @param global.openShift.enabled Enable this value to install on Openshift
+    enabled: false
 
 
 # yamllint disable rule:line-length

@@ -20,6 +20,7 @@ and application health checks
 | `global.commonLabels`                                   | Common labels to add to all Keptn resources. Evaluated as a template                                                                                          | `{}`                |
 | `global.commonAnnotations`                              | Common annotations to add to all Keptn resources. Evaluated as a template                                                                                     | `{}`                |
 | `global.caInjectionAnnotations`                         | CA injection annotations for cert-manager.io configuration                                                                                                    | `{}`                |
+| `global.openShift.enabled`                              | Enable this value to install on Openshift                                                                                                                     | `false`             |
 | `lifecycleOperatorConfig.health.healthProbeBindAddress` | setup on what address to start the default health handler                                                                                                     | `:8081`             |
 | `lifecycleOperatorConfig.leaderElection.leaderElect`    | enable leader election for multiple replicas of the lifecycle operator                                                                                        | `true`              |
 | `lifecycleOperatorConfig.leaderElection.resourceName`   | define LeaderElectionID                                                                                                                                       | `6b866dd9.keptn.sh` |

@@ -127,12 +127,14 @@ spec:
             "context" $) | nindent 12 }}
           privileged: {{ .Values.lifecycleOperator.containerSecurityContext.privileged
             }}
+          {{- if not .Values.global.openShift.enabled }}
           runAsGroup: {{ .Values.lifecycleOperator.containerSecurityContext.runAsGroup
             }}
-          runAsNonRoot: {{ .Values.lifecycleOperator.containerSecurityContext.runAsNonRoot
-            }}
           runAsUser: {{ .Values.lifecycleOperator.containerSecurityContext.runAsUser
             }}
+          {{- end }}
+          runAsNonRoot: {{ .Values.lifecycleOperator.containerSecurityContext.runAsNonRoot
+            }}
           seccompProfile: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleOperator.containerSecurityContext.seccompProfile
             "context" $) | nindent 12 }}
         volumeMounts:
@@ -224,7 +226,9 @@ spec:
             }}
           runAsNonRoot: {{ .Values.scheduler.containerSecurityContext.runAsNonRoot
             }}
+          {{- if not .Values.global.openShift.enabled }}
           runAsUser: {{ .Values.scheduler.containerSecurityContext.runAsUser }}
+          {{- end }}
           seccompProfile: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.containerSecurityContext.seccompProfile
             "context" $) | nindent 12 }}
         volumeMounts:

@@ -26,6 +26,9 @@ global:
   ## @param global.caInjectionAnnotations CA injection annotations for cert-manager.io configuration
   ##
   caInjectionAnnotations: { }
+  openShift:
+    ## @param global.openShift.enabled Enable this value to install on Openshift
+    enabled: false
 
 lifecycleOperatorConfig:
   health:

@@ -22,6 +22,7 @@ Prometheus, Dynatrace, DataDog and K8s metric server...
 | `global.commonLabels`           | Common labels to add to all Keptn resources. Evaluated as a template      | `{}`      |
 | `global.commonAnnotations`      | Common annotations to add to all Keptn resources. Evaluated as a template | `{}`      |
 | `global.caInjectionAnnotations` | CA injection annotations for cert-manager.io configuration                | `{}`      |
+| `global.openShift.enabled`      | Enable this value to install on Openshift                                 | `false`   |
 
 ### Keptn Metrics Operator common
 

@@ -83,12 +83,14 @@ spec:
             "context" $) | nindent 12 }}
           privileged: {{ .Values.containerSecurityContext.privileged
             }}
+          {{- if not .Values.global.openShift.enabled }}
           runAsGroup: {{ .Values.containerSecurityContext.runAsGroup
             }}
-          runAsNonRoot: {{ .Values.containerSecurityContext.runAsNonRoot
-            }}
           runAsUser: {{ .Values.containerSecurityContext.runAsUser
             }}
+          {{- end }}
+          runAsNonRoot: {{ .Values.containerSecurityContext.runAsNonRoot
+            }}
           seccompProfile: {{- include "common.tplvalues.render" (dict "value" .Values.containerSecurityContext.seccompProfile
             "context" $) | nindent 12 }}
         volumeMounts:

@@ -26,6 +26,9 @@ global:
   ## @param global.caInjectionAnnotations CA injection annotations for cert-manager.io configuration
   ##
   caInjectionAnnotations: { }
+  openShift:
+    ## @param global.openShift.enabled Enable this value to install on Openshift
+    enabled: false
 
 ## @section Keptn Metrics Operator common
 ## @extra   operatorService.ports[0] webhook port (must correspond to Mutating Webhook Configurations)

@@ -125,6 +125,7 @@ nav:
               - vCluster installation: docs/installation/configuration/vcluster.md
               - Keptn + cert-manager.io: docs/installation/configuration/cert-manager.md
               - Deploy Keptn via ArgoCD: docs/installation/configuration/argocd.md
+              - Deploy Keptn on OpenShift: docs/installation/configuration/Openshift.md
           - Installation Tips and Tricks: docs/installation/tips-tricks.md
           - Troubleshooting Guide: docs/installation/troubleshooting.md
           - Kubernetes cluster: docs/installation/k8s.md