Helm chart can't remove .securityContexts.runAsUser and securityContexts.fsGroup for Openshift compatibility
#41.630 aberto em 21 de ago. de 2024
Métricas do repositório
- Stars
- (44.809 stars)
- Métricas de merge de PR
- (Mesclagem média 7d 18h) (834 fundiu PRs em 30d)
Description
Official Helm Chart version
1.15.0 (latest released)
Apache Airflow version
2.9.3
Kubernetes Version
v1.26.15+4818370
Helm Chart configuration
securityContexts: {
pod: {
runAsUser:
fsGroup:
}
}
Docker Image customizations
No response
What happened
.securityContexts.pod.runAsUser and securityContexts.pod.fsGroup should allow us to remove the values entirely for openshift compatibility. Bitnami have done the same in their image https://github.com/bitnami/charts/blob/f7bd58e4b2842e0bf1bf2dcd0288beea98dd87a9/bitnami/airflow/values.yaml#L29
This is needed when users like myself do not have cluster admin rights to assign scc's to service accounts that can use any UID and GID. By default Openshift applies the restricted-v2 SCC, which doesn't allow any id for runAsUser and fsGroup.
What you think should happen instead
Allow .runAsUser and fsGroup values to be omitted or allow .securityContexts block to be removed so Openshifts SCC policy will apply the defaults.
How to reproduce
In an openshift cluster, try to deploy as a project admin.
Anything else
No response
Are you willing to submit PR?
- Yes I am willing to submit a PR!
Code of Conduct
- I agree to follow this project's Code of Conduct