Fixes security context rendering of empty object value. (#2007)
This will allow rendering `securityContext: {}` and `containerSecurityContext: {}`.

In OpenShift, leaving the security context as an empty object sets the right values on the pods and containers to be in compliance with the Security Context Constraints (SCC) in the namespace.

https://docs.openshift.com/container-platform/4.15/authentication/managing-security-context-constraints.html

Signed-off-by: pjuarezd <[email protected]>
pjuarezd authored Mar 1, 2024
1 parent 4b5381b commit 17f6d92
Showing 1 changed file with 14 additions and 7 deletions.
21 changes: 14 additions & 7 deletions helm/tenant/templates/tenant.yaml
Expand Up @@ -67,11 +67,17 @@ spec:
{{- with (dig "resources" (dict) .) }}
resources: {{- toYaml . | nindent 8 }}
{{- end }}
{{- if hasKey . "securityContext" }}
securityContext: {{- if eq (len .securityContext) 0 }} {} {{- end }}
{{- with (dig "securityContext" (dict) .) }}
securityContext: {{- toYaml . | nindent 8 }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- if hasKey . "containerSecurityContext" }}
containerSecurityContext: {{- if eq (len .containerSecurityContext) 0 }} {} {{- end }}
{{- with (dig "containerSecurityContext" (dict) .) }}
containerSecurityContext: {{- toYaml . | nindent 8 }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- with (dig "topologySpreadConstraints" (list) .) }}
topologySpreadConstraints: {{- toYaml . | nindent 8 }}
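Review bot: `len .securityContext` and `len .containerSecurityContext` are evaluated whenever `hasKey` is true, so a pool entry that carries the key with a null value (`securityContext:` with nothing after it) passes the `hasKey` guard and then reaches `len` on a nil value, which fails the render instead of producing either `{}` or nothing. Consider testing the value rather than its length, for example `{{- if empty .securityContext }} {} {{- end }}`, or adding a `kindIs "map"` check next to `hasKey`. The two blocks are also identical apart from the key name, so a small named template would keep them from drifting apart. Since an omitted key and `{}` now render differently, the values file should say so next to both keys.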
Expand Down Expand Up @@ -175,10 +181,11 @@ spec:
labels: {{- toYaml . | nindent 4 }}
{{- end }}
serviceAccountName: {{ .kes.serviceAccountName | quote }}
securityContext:
runAsUser: {{ .kes.securityContext.runAsUser | int }}
runAsGroup: {{ .kes.securityContext.runAsGroup | int }}
runAsNonRoot: {{ .kes.securityContext.runAsNonRoot }}
fsGroup: {{ .kes.securityContext.fsGroup | int }}
{{- if hasKey .kes "securityContext" }}
securityContext: {{- if eq (len .kes.securityContext) 0 }} {} {{- end }}
{{- with (dig "kes" "securityContext" (dict) .) }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
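Review bot: the KES block no longer emits `runAsUser`, `runAsGroup`, `runAsNonRoot` and `fsGroup` unconditionally; with the new `hasKey .kes "securityContext"` guard, a values file that omits the key renders no `securityContext` for KES at all, and `toYaml` passes through whatever keys are supplied without the previous `| int` coercion. Please confirm that the chart's default values still ship the non-root settings so existing installs do not silently lose them, and document in the values file that `securityContext: {}` is the intended way to defer to the namespace SCC. The `len .kes.securityContext` test has the same exposure to a null value as the pool blocks above and would benefit from the same `empty` or `kindIs "map"` guard.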
