Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

adapt for openshift #109

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

adapt for openshift #109

wants to merge 3 commits into from

Conversation

Baboulinet-33
Copy link

@Baboulinet-33 Baboulinet-33 commented Sep 5, 2024
edited
Loading

Add the compatibility for openshift (use the work of bitnami).
Deletes certain securityContext properties.

Issue: #110

Template:

Enabled

# Source: krakend/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-krakend
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: krakend
      app.kubernetes.io/instance: test
  template:
    metadata:
      labels:
        app.kubernetes.io/name: krakend
        app.kubernetes.io/instance: test
    spec:
      containers:
        - name: krakend
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              add:
              - NET_BIND_SERVICE
              drop:
              - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
          image: "docker.io/devopsfaith/krakend:2.7.0"
          imagePullPolicy: IfNotPresent
...

Disabled

# Source: krakend/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-krakend
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: krakend
      app.kubernetes.io/instance: test
  template:
    metadata:
      labels:
        app.kubernetes.io/name: krakend
        app.kubernetes.io/instance: test
    spec:
      containers:
        - name: krakend
          image: "docker.io/devopsfaith/krakend:2.7.0"
          imagePullPolicy: IfNotPresent
...

Auto

# Source: krakend/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-krakend
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: krakend
      app.kubernetes.io/instance: test
  template:
    metadata:
      labels:
        app.kubernetes.io/name: krakend
        app.kubernetes.io/instance: test
    spec:
      serviceAccountName: test-krakend
      containers:
        - name: krakend
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              add:
              - NET_BIND_SERVICE
              drop:
              - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
          image: "docker.io/devopsfaith/krakend:2.7.0"
          imagePullPolicy: IfNotPresent
...

@Baboulinet-33 Baboulinet-33 mentioned this pull request Sep 5, 2024
Open
JAORMX
JAORMX requested changes Sep 10, 2024
View reviewed changes
templates/_compatibility.tpl Outdated
@@ -0,0 +1,42 @@
{{/*
Copyright Broadcom, Inc. All Rights Reserved.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you work for Broadcom? I'm not sure what the copyright policy for this project is.

templates/deployment.yaml Outdated Show resolved Hide resolved
values.yaml Outdated Show resolved Hide resolved
Baptiste Noleau added 2 commits October 3, 2024 11:30
@Baboulinet-33
Copy link
Author

I've changed the way I do things to just put 2 booleans that enable or disable securityContext

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JAORMX JAORMX Awaiting requested review from JAORMX

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Baboulinet-33 @JAORMX