Helm chart can't remove .securityContexts.runAsUser and securityContexts.fsGroup for Openshift compatibility
#41.630 aperta il 21 ago 2024
Metriche repository
- Star
- (44.809 star)
- Metriche merge PR
- (Merge medio 7g 18h) (834 PR mergiate in 30 g)
Descrizione
Official Helm Chart version
1.15.0 (latest released)
Apache Airflow version
2.9.3
Kubernetes Version
v1.26.15+4818370
Helm Chart configuration
securityContexts: {
pod: {
runAsUser:
fsGroup:
}
}
Docker Image customizations
No response
What happened
.securityContexts.pod.runAsUser and securityContexts.pod.fsGroup should allow us to remove the values entirely for openshift compatibility. Bitnami have done the same in their image https://github.com/bitnami/charts/blob/f7bd58e4b2842e0bf1bf2dcd0288beea98dd87a9/bitnami/airflow/values.yaml#L29
This is needed when users like myself do not have cluster admin rights to assign scc's to service accounts that can use any UID and GID. By default Openshift applies the restricted-v2 SCC, which doesn't allow any id for runAsUser and fsGroup.
What you think should happen instead
Allow .runAsUser and fsGroup values to be omitted or allow .securityContexts block to be removed so Openshifts SCC policy will apply the defaults.
How to reproduce
In an openshift cluster, try to deploy as a project admin.
Anything else
No response
Are you willing to submit PR?
- Yes I am willing to submit a PR!
Code of Conduct
- I agree to follow this project's Code of Conduct