Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow vcluster containers to run with arbitrary non-root UIDs on OpenShift #71

Merged
merged 1 commit into from
Nov 22, 2023

Conversation

simu
Copy link
Member

@simu simu commented Nov 21, 2023

This is required for the argocd-operator managed Redis. While the operator will auto-detect OCP4 when running on an OpenShift cluster, this logic doesn't work (and wouldn't help in any case) when running in a vcluster on OCP4.

Instead of doing some complicated configuration, we just allow the default serviceaccount in the vcluster namespace to use the nonroot-v2 SCC so that vcluster can sync pods with arbitrary non-root UIDs to the host cluster on OCP4.

Checklist

  • The PR has a meaningful title. It will be used to auto generate the
    changelog.
    The PR has a meaningful description that sums up the change. It will be
    linked in the changelog.
  • PR contains a single logical change (to build a better changelog).
  • Categorize the PR by adding one of the labels:
    bug, enhancement, documentation, change, breaking, dependency
    as they show up in the changelog.

@simu simu added the enhancement New feature or request label Nov 21, 2023
@simu simu requested a review from a team November 21, 2023 14:22
@simu simu force-pushed the ocp4/allow-scc-nonroot-v2 branch from 5b286a7 to 12504d6 Compare November 22, 2023 08:35
@simu simu merged commit de4a726 into master Nov 22, 2023
10 checks passed
@simu simu deleted the ocp4/allow-scc-nonroot-v2 branch November 22, 2023 09:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants