-
Notifications
You must be signed in to change notification settings - Fork 446
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Fluent-Bit] Improve Openshift support, allow to use existing SCCs #380
[Fluent-Bit] Improve Openshift support, allow to use existing SCCs #380
Conversation
thethir13en
commented
Jun 8, 2023
- This commit breaks Openshift compatibility with previous versions
- Add ability to provide existing SecurityContextConstraints name instead of create new one
- Add ability to add annotations for SecrutiryContextConstraints resource, created with the chart
- Add common labels for SecurityContextConstraints
- Improve variables naming
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR @thethir13en, I've added a couple of comments that I think need addressing.
01a83be
to
7cff4ab
Compare
@stevehipwell
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think the current chart OpenShift implementation looks right as it shouldn't be possible to get into an invalid state and if you always need a SCC then currently you could.
How about an API like below where you replace <SCC>
with a valid out-of-the-box SCC to default to and the logic is that if you set create
to true
the chart creates a new SCC with either the name
input or a default.
openShift:
enabled: false
securityContextConstraints:
create: false
name:
annotations: {}
existingName: <SCC>
0954554
to
cf9964b
Compare
74913f0
to
39482c6
Compare
@thethir13en could you please rebase this? |
- Add ability to provide existing SecurityContextConstraints name instead of create new one - Add ability to add annotations for SecrutiryContextConstraints resource, created with the chart - Add common labels for SecurityContextConstraints - Improve variables naming - Bump up chart version Signed-off-by: Kirill Thirteen <kirill_peretrukhin@epam.com>
Signed-off-by: Kirill Thirteen <kirill_peretrukhin@epam.com>
Signed-off-by: Kirill Thirteen <kirill_peretrukhin@epam.com>
39482c6
to
d7388ae
Compare
…hift Signed-off-by: Kirill Thirteen <kirill_peretrukhin@epam.com>
…ment Signed-off-by: Kirill Thirteen <14818442+thethir13en@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Thanks @thethir13en, sorry it took so long to get this merged. |
@stevehipwell everything is fine! Thank you too, for suggestions) |
…luent#380) * Improve Openshift support, allow to use existing SCCs - Add ability to provide existing SecurityContextConstraints name instead of create new one - Add ability to add annotations for SecrutiryContextConstraints resource, created with the chart - Add common labels for SecurityContextConstraints - Improve variables naming - Bump up chart version Signed-off-by: Kirill Thirteen <kirill_peretrukhin@epam.com> * fix openshift SCC template Signed-off-by: Kirill Thirteen <kirill_peretrukhin@epam.com> * fixes according to suggestions Signed-off-by: Kirill Thirteen <kirill_peretrukhin@epam.com> * fluent-bit: enable creation of SCC by default, while running in OpenShift Signed-off-by: Kirill Thirteen <kirill_peretrukhin@epam.com> --------- Signed-off-by: Kirill Thirteen <kirill_peretrukhin@epam.com> Signed-off-by: Kirill Thirteen <14818442+thethir13en@users.noreply.github.com> Co-authored-by: Kirill Thirteen <kirill_peretrukhin@epam.com>