feat(agent): add option to override security.openshift.io/v1 API presence #2051
Conversation
|
Hi @jsecchiero. Thanks for your PR. After inspecting your changes someone with write access to this repo needs |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
jsecchiero
changed the title
| @@ -404,3 +404,6 @@ tests: | |||
| tag: 1.31.2 | |||
| # Allow to modify DNS policy | |||
| dnsPolicy: null | |||
| # Overrides `security.openshift.io/v1` API detection | |||
| # useful while using "helm template" and to generate security context constraints | |||
| hasAPISecurityOpenshiftV1Override: false | |||
There was a problem hiding this comment.
Given (as discussed):
• If .Values.hasAPISecurityOpenshiftV1Override is provided the SCC template will use that value, overriding (.Capabilities.APIVersions.Has "security.openshift.io/v1")
• If .Values.hasAPISecurityOpenshiftV1Override is not provided it will use (.Capabilities.APIVersions.Has "security.openshift.io/v1")
I would be inclined not to provide a default value here. This means the default behaviour will be to use (.Capabilities.APIVersions.Has "security.openshift.io/v1") and only if a value is purposefully provided will we override it.
I don't know if that has documentation implications though (ie will the chart docs not mention this value and essentially make it a secret override only found by reading charts/agent/templates/securitycontextconstraint.yaml? Maybe that is a desired side-effect?
|
This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days |
github-actions
bot
added
the
stale
What this PR does / why we need it:
Checklist
feat(agent,node-analyzer,sysdig-deploy):)