Add autodetect option to security context configuration #5150
Update helm values with more documentation around setting default security context
Co-authored-by: Michael Morello <michael.morello@gmail.com>
Co-authored-by: Michael Morello <michael.morello@gmail.com>
remove erroneous logging line
…lse, auto-detect.
Almost LGTM, a few nits and the build is failing due to the import statements in the new test.
cmd/manager/main.go
Outdated
return true, nil | ||
} | ||
} | ||
// if the security.openshift.io group isn't found, we are not in openshift |
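Review bot: The comment on the last line of this hunk explains the fall-through case but does not say what the function returns for it, or how a failed discovery call differs from a missing group. Because this result decides whether the operator sets the default security context, state both in the comment: for example, that an absent security.openshift.io group yields false with a nil error, and that other API errors are returned to the caller rather than read as "not OpenShift".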
as above let's stick with the official camel casing
LGTM
* Add auto-detect option to setting security context
  Update helm values with more documentation around setting default security context
* Refactor because of linter issues
* return invalid security context errors.
  Co-authored-by: Michael Morello <michael.morello@gmail.com>
* simplify logic when detecting openshift
  Co-authored-by: Michael Morello <michael.morello@gmail.com>
* Move openshift detection logic into its own function
  remove erroneous logging line
* Update to only allow 3 options for setting security context: true, false, auto-detect.
* catch api error "not found", and assume not on openshift cluster.
* Add unit tests around checking how we set the default security context in/out of openshift.
* Update comments per PR review
* review changes
* Move resources required for test to be directly after the test that uses them.

Co-authored-by: Michael Morello <michael.morello@gmail.com>
resolves #5061
This change adds an option to the `set-default-security-context` flag to help the user with settings that pertain to security context. It adds the `auto-detect` option (which is triggered by simply not setting the `set-default-security-context` flag) which does the following when set:

* `set-default-security-context` flag is explicitly set to either true, or false, use this value.
* `set-default-security-context` flag is set to `auto-detect` (the default value in helm charts) use openshift detection to determine whether or not we are running within an openshift cluster. If we determine we are on an openshift cluster then default to setting this flag to `false` to allow openshift to set the security context properly, otherwise set this flag to `true` to allow the operator to set the security context appropriately.

Any other set value will throw a syntax error.
testing
This was tested in both an openshift cluster, and vanilla cluster with the auto-detect option set and the results were as follows
vanilla cluster
Elasticsearch stateful set had the following settings
openshift cluster
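
The flag resolution described in the pull request text above, sketched as an added Go example; it is not the project's code. `groupLister`, `errNotFound`, `isOpenShift` and `resolveSetDefaultSecurityContext` are hypothetical names, the API discovery call is replaced by a function returning group names, and an unset flag is modelled as the empty string.

```go
package main

import (
	"errors"
	"fmt"
)

// errNotFound stands in for a Kubernetes API "not found" error (assumption).
var errNotFound = errors.New("not found")

// groupLister is a hypothetical stand-in for an API discovery client.
type groupLister func() ([]string, error)

// isOpenShift reports whether the security.openshift.io API group is served.
func isOpenShift(list groupLister) (bool, error) {
	groups, err := list()
	if errors.Is(err, errNotFound) {
		return false, nil // "not found" is read as "not on OpenShift"
	}
	if err != nil {
		return false, err // any other failure is surfaced, not guessed at
	}
	for _, g := range groups {
		if g == "security.openshift.io" {
			return true, nil
		}
	}
	return false, nil
}

// resolveSetDefaultSecurityContext maps the flag value to the effective boolean.
func resolveSetDefaultSecurityContext(flag string, list groupLister) (bool, error) {
	switch flag {
	case "true":
		return true, nil
	case "false":
		return false, nil
	case "", "auto-detect": // unset flag (modelled as "") also means auto-detect
		openshift, err := isOpenShift(list)
		if err != nil {
			return false, err
		}
		return !openshift, nil // OpenShift sets the security context itself
	}
	return false, fmt.Errorf("invalid set-default-security-context value %q", flag)
}

func main() {
	ocp := func() ([]string, error) { return []string{"apps", "security.openshift.io"}, nil }
	fmt.Println(resolveSetDefaultSecurityContext("auto-detect", ocp))
}
```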