Openshift fix #288
Openshift fix #288
Conversation
Codecov Report
@@ Coverage Diff @@
## develop #288 +/- ##
========================================
Coverage 96.65% 96.65%
========================================
Files 22 22
Lines 1077 1077
========================================
Hits 1041 1041
Misses 36 36 Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Thanks for contributing @pflaeging ! You are pointing out an important compatibility issue with the secure defaults.
I think your last sentence almost nails it: we should just let the user decide ;-)
I'd propose to simply expose the whole security context and annotation (comment the annotation and make a note for k8s <v1.18) via helm/values.yaml under deployment. before resources. Would that work for you?
Also:
- changed the base branch to
develop(merged tomasterfor releases) - we should rename the commit for semantic commits, maybe
feat: expose security context and annotations in values.yaml - have you tested on Openshift / OKD? We should add a note in the docs then.
Let me know if I should support!
Jepp, that would be OK for me.
The patched version is running in an OpenShift 4.6 cluster and in an OKD 4.7 cluster without problems (I'm only checking specific namespaces!).
Thx ;-) :peter |
xopham
force-pushed
the
openshift-pp
branch
4 times, most recently
from
679e890
to
e67bde3
Compare
…ft 4 Co-Authored-By: Christoph Hamsen <hamsen.christoph@posteo.de> Signed-off-by: Philipp Belitz <philipp.belitz@securesystems.de>
After this small fix connaisseur runs as a normal helm deployment inside OKD / OpenShift 4 (tested with OKd 4.7).
Only set the value:
openshift: truein your value.yaml file.Reason
Openshift and OKD are using secure container by default (randomized user and group execution). So we have to disable the fixed user and group setting. This let OpenShift decide ;-)