Skip to content

Commit 17f6d92

Browse files
pjuarezdpjuarezd
authored
Fixes security context rendering of empty object value. (#2007)
This will allow to render `securityContext: {}` and `containerSecurityContext: {}. In Openshift leaving security context as an empty object sets the right values to the pods and containers to be in compliance with the Security Context Constrains (SCC) in the namespace. https://docs.openshift.com/container-platform/4.15/authentication/managing-security-context-constraints.html Signed-off-by: pjuarezd <pjuarezd@users.noreply.github.com>
1 parent 4b5381b commit 17f6d92

File tree

1 file changed

+14
-7
lines changed

1 file changed

+14
-7
lines changed

helm/tenant/templates/tenant.yaml

Lines changed: 14 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -67,11 +67,17 @@ spec:
6767
{{- with (dig "resources" (dict) .) }}
6868
resources: {{- toYaml . | nindent 8 }}
6969
{{- end }}
70+
{{- if hasKey . "securityContext" }}
71+
securityContext: {{- if eq (len .securityContext) 0 }} {} {{- end }}
7072
{{- with (dig "securityContext" (dict) .) }}
71-
securityContext: {{- toYaml . | nindent 8 }}
73+
{{- toYaml . | nindent 8 }}
7274
{{- end }}
75+
{{- end }}
76+
{{- if hasKey . "containerSecurityContext" }}
77+
containerSecurityContext: {{- if eq (len .containerSecurityContext) 0 }} {} {{- end }}
7378
{{- with (dig "containerSecurityContext" (dict) .) }}
74-
containerSecurityContext: {{- toYaml . | nindent 8 }}
79+
{{- toYaml . | nindent 8 }}
80+
{{- end }}
7581
{{- end }}
7682
{{- with (dig "topologySpreadConstraints" (list) .) }}
7783
topologySpreadConstraints: {{- toYaml . | nindent 8 }}
@@ -175,10 +181,11 @@ spec:
175181
labels: {{- toYaml . | nindent 4 }}
176182
{{- end }}
177183
serviceAccountName: {{ .kes.serviceAccountName | quote }}
178-
securityContext:
179-
runAsUser: {{ .kes.securityContext.runAsUser | int }}
180-
runAsGroup: {{ .kes.securityContext.runAsGroup | int }}
181-
runAsNonRoot: {{ .kes.securityContext.runAsNonRoot }}
182-
fsGroup: {{ .kes.securityContext.fsGroup | int }}
184+
{{- if hasKey .kes "securityContext" }}
185+
securityContext: {{- if eq (len .kes.securityContext) 0 }} {} {{- end }}
186+
{{- with (dig "kes" "securityContext" (dict) .) }}
187+
{{- toYaml . | nindent 6 }}
188+
{{- end }}
189+
{{- end }}
183190
{{- end }}
184191
{{- end }}

0 commit comments

Comments
 (0)