Openshift fix #288
Codecov Report
@@ Coverage Diff @@
## develop #288 +/- ##
========================================
Coverage 96.65% 96.65%
========================================
Files 22 22
Lines 1077 1077
========================================
Hits 1041 1041
Misses 36 36
Continue to review full report at Codecov.
Thanks for contributing @pflaeging ! You are pointing out an important compatibility issue with the secure defaults.
I think your last sentence almost nails it: we should just let the user decide ;-)
I'd propose to simply expose the whole security context and annotation (comment the annotation and make a note for k8s <v1.18) via `helm/values.yaml` under `deployment.` before `resources`. Would that work for you?
Also:
- changed the base branch to `develop` (merged to `master` for releases)
- we should rename the commit for semantic commits, maybe `feat: expose security context and annotations in values.yaml`
- have you tested on Openshift / OKD? We should add a note in the docs then.
Let me know if I should support!
Jepp, that would be OK for me.
The patched version is running in an OpenShift 4.6 cluster and in an OKD 4.7 cluster without problems (I'm only checking specific namespaces!).
Thx ;-) :peter
679e890 to e67bde3
…ft 4 Co-Authored-By: Christoph Hamsen <hamsen.christoph@posteo.de> Signed-off-by: Philipp Belitz <philipp.belitz@securesystems.de>
After this small fix Connaisseur runs as a normal helm deployment inside OKD / OpenShift 4 (tested with OKD 4.7).
Only set the value:
openshift: true
in your value.yaml file.
Reason
OpenShift and OKD are using secure containers by default (randomized user and group execution). So we have to disable the fixed user and group setting. This lets OpenShift decide ;-)
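
Added example (not part of this pull request or the Connaisseur chart): a small Python model of the UID check that OpenShift's restricted SCC performs against the namespace's `openshift.io/sa.scc.uid-range` annotation, showing why a pinned `runAsUser` is rejected while an unset one is admitted. The namespace range, the UID/GID values and the function names are constructed for illustration; only the user ID part of the check is modelled.

```python
"""Model of the runAsUser range check applied by OpenShift's restricted SCC."""

UID_RANGE_ANNOTATION = "openshift.io/sa.scc.uid-range"


def parse_uid_range(value):
    """Parse '<start>/<size>' into an inclusive (low, high) UID pair."""
    start, sep, size = value.partition("/")
    if not sep or not start.isdigit() or not size.isdigit() or int(size) < 1:
        raise ValueError(f"malformed {UID_RANGE_ANNOTATION}: {value!r}")
    return int(start), int(start) + int(size) - 1


def admit(namespace_annotations, security_context):
    """Return (allowed, effective_uid, reason) for one container securityContext."""
    low, high = parse_uid_range(namespace_annotations[UID_RANGE_ANNOTATION])
    uid = (security_context or {}).get("runAsUser")
    if uid is None:
        # Nothing pinned: the platform assigns the first UID of the project range.
        return True, low, "runAsUser defaulted from the namespace range"
    if low <= uid <= high:
        return True, uid, "runAsUser inside the namespace range"
    return False, None, f"runAsUser {uid} outside allowed range [{low}, {high}]"


# Constructed sample data: one project range and two renderings of a chart.
NAMESPACE = {UID_RANGE_ANNOTATION: "1000620000/10000"}
# Hypothetical fixed IDs, standing in for a chart's hard-coded defaults.
FIXED_IDS = {"runAsUser": 1000, "runAsGroup": 2000, "runAsNonRoot": True}
# IDs left unset, as described above for openshift: true.
PLATFORM_IDS = {"runAsNonRoot": True}

if __name__ == "__main__":
    for name, ctx in (("fixed", FIXED_IDS), ("platform", PLATFORM_IDS)):
        print(name, admit(NAMESPACE, ctx))
```

On a real cluster the range can be read from the namespace object's annotations and compared with the rendered chart output before installing.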