deveshgoyal1000 commented on issue #41630:
URL: https://github.com/apache/airflow/issues/41630#issuecomment-2308526630
Hey @philthynz Thank you for pointing me to the Bitnami approach it looks
great and aligns perfectly with our goals. I'll proceed with this method to
ensure the Helm charts automatically remove runAsUser, runAsGroup, and fsGroup
when deployed on OpenShift.
To ensure I’m on the right track, here’s the updated conditional logic that
I’ll be applying :
``` yaml
{{- if and (eq .Values.global.compatibility.openshift.adaptSecurityContext
"auto") (eq .Values.global.compatibility.openshift.enabled true) }}
containerSecurityContext: {}
podSecurityContext: {}
{{- else }}
containerSecurityContext:
runAsUser: {{ .Values.containerSecurityContext.runAsUser | default "" }}
runAsGroup: {{ .Values.containerSecurityContext.runAsGroup | default "" }}
podSecurityContext:
fsGroup: {{ .Values.podSecurityContext.fsGroup | default "" }}
{{- end }}
```
This approach separates the containerSecurityContext and podSecurityContext,
ensuring that OpenShift-specific settings are handled correctly, while also
allowing other Kubernetes environments to use the specified values.
Please let me know if this aligns with your expectations or if there are any
further adjustments needed.
Thanks!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
