From 01b03d830e6003ceb3b87207b662c630fed6c8ab Mon Sep 17 00:00:00 2001
From: anthony_lai
Date: Tue, 14 Jun 2022 22:42:45 +0000
Subject: [PATCH 1/2] add new runAsUser operator helm chart configuration
---
 .../charts/weblogic-operator/templates/_operator-dep.tpl | 8 ++++++++
 kubernetes/charts/weblogic-operator/values.yaml | 4 ++++
 2 files changed, 12 insertions(+)
diff --git a/kubernetes/charts/weblogic-operator/templates/_operator-dep.tpl b/kubernetes/charts/weblogic-operator/templates/_operator-dep.tpl
index 2a2a8423c07..35bf51071a5 100644
--- a/kubernetes/charts/weblogic-operator/templates/_operator-dep.tpl
+++ b/kubernetes/charts/weblogic-operator/templates/_operator-dep.tpl
@@ -34,6 +34,10 @@ spec:
 {{- end }}
 spec:
 serviceAccountName: {{ .serviceAccount | quote }}
+ {{- if .runAsUser }}
+ securityContext:
+ runAsUser: {{ .runAsUser }}
+ {{- end }}
 {{- with .nodeSelector }}
 nodeSelector:
 {{- toYaml . | nindent 8 }}
@@ -222,6 +226,10 @@ spec:
 {{- end }}
 spec:
 serviceAccountName: {{ .serviceAccount | quote }}
+ {{- if .runAsUser }}
+ securityContext:
+ runAsUser: {{ .runAsUser }}
+ {{- end }}
 {{- with .nodeSelector }}
 nodeSelector:
 {{- toYaml . | nindent 8 }}
diff --git a/kubernetes/charts/weblogic-operator/values.yaml b/kubernetes/charts/weblogic-operator/values.yaml
index f1bb6f14b6f..b870252bfc4 100644
--- a/kubernetes/charts/weblogic-operator/values.yaml
+++ b/kubernetes/charts/weblogic-operator/values.yaml
@@ -258,3 +258,7 @@ clusterSizePaddingValidationEnabled: true
 # Defaults to 5 retries and 10 seconds between each retry.
 # domainPresenceFailureRetryMaxCount: 5
 # domainPresenceFailureRetrySeconds: 10
+
+# runAsuser specifies the UID to run the operator and webhook container processes. If not
+# specified, it defaults to the user specified in the operator's container image.
+#runAsUser: 1000
From a8cb4536d89d695fa6b69e676dae8e49762c1fc5 Mon Sep 17 00:00:00 2001
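Review bot: The guard `{{- if .runAsUser }}` in both `_operator-dep.tpl` hunks (@@ -34 and @@ -222) is false for `0`, so a configured `runAsUser: 0` is silently dropped and the pod falls back to the image's user with no error; the values comment and docs should say so, or the template should reject the value explicitly. The value is also rendered without type coercion, and Helm may hold numbers from a values file as floats, in which case a large UID could render in exponent form; `runAsUser: {{ int64 .runAsUser }}` avoids that. Because this block exists to pin the process UID, consider emitting `runAsNonRoot: true` beside it so the kubelet refuses to start the container as UID 0 if the setting is ever lost or overridden. The pod spec continues outside both hunks, so whether a container-level `securityContext` overrides this pod-level one is not visible here.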
From: Anthony Lai
Date: Wed, 15 Jun 2022 17:07:39 -0700
Subject: [PATCH 2/2] documentation for runAsUser configuration
---
 .../staging/content/managing-operators/using-helm.md | 8 ++++++++
 kubernetes/charts/weblogic-operator/values.yaml | 4 ++--
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/documentation/staging/content/managing-operators/using-helm.md b/documentation/staging/content/managing-operators/using-helm.md
index 0e048416db7..a5792567bf8 100644
--- a/documentation/staging/content/managing-operators/using-helm.md
+++ b/documentation/staging/content/managing-operators/using-helm.md
@@ -22,6 +22,7 @@ description: "An operator runtime is installed and configured using Helm. Here a
 - [`labels`](#labels)
 - [`nodeSelector`](#nodeselector)
 - [`affinity`](#affinity)
+ - [`runAsUser`](#runasuser)
 - [WebLogic domain conversion webhook](#weblogic-domain-conversion-webhook)
 - [`webhookOnly`](#webhookonly)
 - [`operatorOnly`](#operatoronly)
@@ -292,6 +293,13 @@ affinity:
 values:
 - another-node-label-value
 ```
+##### `runAsUser`
+Specifies the UID to run the operator and conversion webhook container processes. If not specified, it defaults to the user specified in the operator's container image.
+
+Example:
+```yaml
+runAsUser: 1000
+```
 #### WebLogic domain conversion webhook
diff --git a/kubernetes/charts/weblogic-operator/values.yaml b/kubernetes/charts/weblogic-operator/values.yaml
index b870252bfc4..c52073f1386 100644
--- a/kubernetes/charts/weblogic-operator/values.yaml
+++ b/kubernetes/charts/weblogic-operator/values.yaml
@@ -259,6 +259,6 @@ clusterSizePaddingValidationEnabled: true
 # domainPresenceFailureRetryMaxCount: 5
 # domainPresenceFailureRetrySeconds: 10
-# runAsuser specifies the UID to run the operator and webhook container processes. If not
-# specified, it defaults to the user specified in the operator's container image.
+# runAsuser specifies the UID to run the operator and conversion webhook container processes.
+# If not specified, it defaults to the user specified in the operator's container image.
 #runAsUser: 1000
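Review bot: The rewritten comment still opens with `runAsuser` (lower-case `u`), which does not match the key `runAsUser` on the example line below it or in the templates from the first patch. Values keys are case-sensitive, so a reader who copies the name from the prose would presumably set a key the chart never reads, leaving the UID at the image default without any warning. Suggest `# runAsUser specifies the UID to run the operator and conversion webhook container processes.` It would also help to say in this comment that the value is applied as the pod-level `securityContext.runAsUser`, since that is what determines which containers it covers.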