Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fluent-Bit] Improve Openshift support, allow to use existing SCCs #380

Merged
merged 5 commits into from
Jul 5, 2023
Merged

[Fluent-Bit] Improve Openshift support, allow to use existing SCCs #380

merged 5 commits into from
Jul 5, 2023

Conversation

thethir13en
Copy link
Contributor

  • This commit breaks Openshift compatibility with previous versions
  • Add ability to provide existing SecurityContextConstraints name instead of create new one
  • Add ability to add annotations for SecrutiryContextConstraints resource, created with the chart
  • Add common labels for SecurityContextConstraints
  • Improve variables naming

@thethir13en thethir13en changed the title Improve Openshift support, allow to use existing SCCs [Fluent-Bit] Improve Openshift support, allow to use existing SCCs Jun 8, 2023
stevehipwell
stevehipwell requested changes Jun 8, 2023
View reviewed changes
Copy link
Collaborator

@stevehipwell stevehipwell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @thethir13en, I've added a couple of comments that I think need addressing.

charts/fluent-bit/values.yaml Outdated Show resolved Hide resolved
charts/fluent-bit/values.yaml Outdated Show resolved Hide resolved
@thethir13en thethir13en force-pushed the feature/fluent-bit-openshift-support-improvement branch 4 times, most recently from 01a83be to 7cff4ab Compare June 12, 2023 12:30
@thethir13en
Copy link
Contributor Author

@stevehipwell
Updated my commit, with the following:

  • keep ".Values.openShift" case to comply with Helm best practices and do not break compatibility with the previous versions of the chart
  • add dedicated ".Values.openShift.securityContextConstraints.exisingName", allowing to use existing SCC in cluster
  • add ability to provide name for SCC created by Helm chart

stevehipwell
stevehipwell requested changes Jun 12, 2023
View reviewed changes
Copy link
Collaborator

@stevehipwell stevehipwell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think the current chart OpenShift implementation looks right as it shouldn't be possible to get into an invalid state and if you always need a SCC then currently you could.

How about an API like below where you replace <SCC> with a valid out-of-the-box SCC to default to and the logic is that if you set create to true the chart creates a new SCC with either the name input or a default.

openShift:
  enabled: false
  securityContextConstraints:
    create: false
    name:
    annotations: {}
    existingName: <SCC>

charts/fluent-bit/Chart.yaml Outdated Show resolved Hide resolved
charts/fluent-bit/templates/_helpers.tpl Outdated Show resolved Hide resolved
charts/fluent-bit/templates/scc.yaml Outdated Show resolved Hide resolved
charts/fluent-bit/templates/clusterrole.yaml Outdated Show resolved Hide resolved
charts/fluent-bit/templates/_helpers.tpl Outdated Show resolved Hide resolved
charts/fluent-bit/templates/_helpers.tpl Outdated Show resolved Hide resolved
@thethir13en thethir13en force-pushed the feature/fluent-bit-openshift-support-improvement branch from 0954554 to cf9964b Compare June 12, 2023 15:45
@thethir13en thethir13en force-pushed the feature/fluent-bit-openshift-support-improvement branch 4 times, most recently from 74913f0 to 39482c6 Compare June 23, 2023 06:27
@stevehipwell
Copy link
Collaborator

@thethir13en could you please rebase this?

Kirill Thirteen added 3 commits June 27, 2023 10:20
Improve Openshift support, allow to use existing SCCs
304a9f2 
- Add ability to provide existing SecurityContextConstraints name
  instead of create new one
- Add ability to add annotations for SecrutiryContextConstraints
  resource, created with the chart
- Add common labels for SecurityContextConstraints
- Improve variables naming
- Bump up chart version

Signed-off-by: Kirill Thirteen <kirill_peretrukhin@epam.com>
fix openshift SCC template
9609612 
Signed-off-by: Kirill Thirteen <kirill_peretrukhin@epam.com>
fixes according to suggestions
d7388ae 
Signed-off-by: Kirill Thirteen <kirill_peretrukhin@epam.com>
@thethir13en thethir13en force-pushed the feature/fluent-bit-openshift-support-improvement branch from 39482c6 to d7388ae Compare June 27, 2023 07:20
Kirill Thirteen and others added 2 commits July 5, 2023 11:36
fluent-bit: enable creation of SCC by default, while running in OpenS…
258f74f 
…hift

Signed-off-by: Kirill Thirteen <kirill_peretrukhin@epam.com>
@thethir13en
Merge branch 'main' into feature/fluent-bit-openshift-support-improve…
c8365ca 
…ment

Signed-off-by: Kirill Thirteen <14818442+thethir13en@users.noreply.github.com>
stevehipwell
stevehipwell approved these changes Jul 5, 2023
View reviewed changes
Copy link
Collaborator

@stevehipwell stevehipwell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@stevehipwell stevehipwell merged commit 5b70817 into fluent:main Jul 5, 2023
2 checks passed
@stevehipwell
Copy link
Collaborator

Thanks @thethir13en, sorry it took so long to get this merged.

@thethir13en thethir13en deleted the feature/fluent-bit-openshift-support-improvement branch July 10, 2023 06:21
@thethir13en
Copy link
Contributor Author

@stevehipwell everything is fine! Thank you too, for suggestions)

@stevehipwell stevehipwell mentioned this pull request Jul 11, 2023
Merged
Matiasmct pushed a commit to giffgaff/fluent-helm that referenced this pull request Oct 24, 2023
@thethir13en @Matiasmct
[Fluent-Bit] Improve Openshift support, allow to use existing SCCs (f…
50b8448 
…luent#380)

* Improve Openshift support, allow to use existing SCCs

- Add ability to provide existing SecurityContextConstraints name
  instead of create new one
- Add ability to add annotations for SecrutiryContextConstraints
  resource, created with the chart
- Add common labels for SecurityContextConstraints
- Improve variables naming
- Bump up chart version

Signed-off-by: Kirill Thirteen <kirill_peretrukhin@epam.com>

* fix openshift SCC template

Signed-off-by: Kirill Thirteen <kirill_peretrukhin@epam.com>

* fixes according to suggestions

Signed-off-by: Kirill Thirteen <kirill_peretrukhin@epam.com>

* fluent-bit: enable creation of SCC by default, while running in OpenShift

Signed-off-by: Kirill Thirteen <kirill_peretrukhin@epam.com>

---------

Signed-off-by: Kirill Thirteen <kirill_peretrukhin@epam.com>
Signed-off-by: Kirill Thirteen <14818442+thethir13en@users.noreply.github.com>
Co-authored-by: Kirill Thirteen <kirill_peretrukhin@epam.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stevehipwell stevehipwell stevehipwell approved these changes

@edsiper edsiper Awaiting requested review from edsiper edsiper is a code owner

@naseemkullah naseemkullah Awaiting requested review from naseemkullah naseemkullah is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@thethir13en @stevehipwell