Helm chart can't remove .securityContexts.runAsUser and securityContexts.fsGroup for Openshift compatibility
#41,630 建立於 2024年8月21日
倉庫指標
- Star
- (44,809 star)
- PR 合併指標
- (平均合併 7天 18小時) (30 天內合併 834 個 PR)
描述
Official Helm Chart version
1.15.0 (latest released)
Apache Airflow version
2.9.3
Kubernetes Version
v1.26.15+4818370
Helm Chart configuration
securityContexts: {
pod: {
runAsUser:
fsGroup:
}
}
Docker Image customizations
No response
What happened
.securityContexts.pod.runAsUser and securityContexts.pod.fsGroup should allow us to remove the values entirely for openshift compatibility. Bitnami have done the same in their image https://github.com/bitnami/charts/blob/f7bd58e4b2842e0bf1bf2dcd0288beea98dd87a9/bitnami/airflow/values.yaml#L29
This is needed when users like myself do not have cluster admin rights to assign scc's to service accounts that can use any UID and GID. By default Openshift applies the restricted-v2 SCC, which doesn't allow any id for runAsUser and fsGroup.
What you think should happen instead
Allow .runAsUser and fsGroup values to be omitted or allow .securityContexts block to be removed so Openshifts SCC policy will apply the defaults.
How to reproduce
In an openshift cluster, try to deploy as a project admin.
Anything else
No response
Are you willing to submit PR?
- Yes I am willing to submit a PR!
Code of Conduct
- I agree to follow this project's Code of Conduct