cdmikechen opened a new pull request, #921: URL: https://github.com/apache/submarine/pull/921
### What is this PR for? We need to add PodSecurityPolicies(k8s) or SecurityContextConstraints(openshift) to let pod run as a user with default user in docker container. Otherwise, pod may cause permission problems (like no permission error). ### What type of PR is it? Bug Fix ### Todos * [x] - Add two params in helm values.yaml: `clusterType` and `podSecurityPolicy.create` * [x] - Change operator dockerfile to support shell params `SUBMARINE_CLUSTER_TYPE` and `SUBMARINE_POD_SECURITY_POLICY_ENABLE` * [x] - Add PodSecurityPolicy (OpenShift has a default scc anyuid so that we need not to add) * [x] - The processing of operator is reconstructed: create deployment run after RBAC created * [x] - Add RunAsAnyUser policy in database\minio\server ### What is the Jira issue? https://issues.apache.org/jira/projects/SUBMARINE/issues/SUBMARINE-1179 ### How should this be tested? <!-- * First time? Setup Travis CI as described on https://submarine.apache.org/contribution/contributions.html#continuous-integration * Strongly recommended: add automated unit tests for any new or changed behavior * Outline any manual steps to test the PR here. --> ### Screenshots (if appropriate) ### Questions: * Do the license files need updating? No * Are there breaking changes for older versions? Yes * Does this need new documentation? No -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
