Closed minijus closed 1 month ago
Hi!
Thank you so much for the draft! The team will take a look.
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
@javsalgar would you be able to have a look at the PR that addresses this issue?
Name and Version
bitnami/common 2.21.0
What is the problem this feature will solve?
Today many (all?) Bitnami Helm charts set an empty object for seLinuxOptions within containerSecurityPolicy, e.g. https://github.com/bitnami/charts/blob/main/bitnami/mongodb/values.yaml#L585
An empty seLinuxOptions property is only removed in OpenShift compatibility mode: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_compatibility.tpl#L28-L35
There are scenarios where OpenShift compatibility mode is not desired, but seLinuxOptions should be removed: running on Azure Kubernetes Service (AKS) and using the built-in Azure Policy definition https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/SELinux.json while at the same time having to set one of the "fsGroup", "runAsUser", "runAsGroup" properties in the security context.
In the scenario mentioned above, the built-in Azure Policy definition for SELinux fails with the message: "SELinux options is not allowed".
What is the feature you are proposing to solve the problem?
Similarly to global.compatibility.openshift.adaptSecurityContext, add a global.compatibility.omitEmptySeLinuxOptions value and use this value in the common.compatibility.renderSecurityContext helper to conditionally omit seLinuxOptions when it is empty/falsy.
The default value for global.compatibility.omitEmptySeLinuxOptions should be false, making the change non-breaking.
What alternatives have you considered?
Alternatives to overcome the mentioned issue are only local "workarounds":
seLinuxOptions in runtime
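The behaviour proposed in the issue, sketched as a Helm template (an added example, not the chart's code and not part of the original issue). The helper name example.renderSecurityContext and the sample values in the comment are hypothetical; the flag name is the one proposed above, and the dict call shape with secContext and context keys is an assumption.

```yaml
{{/*
Added sketch, not the Bitnami helper. Constructed sample values:

  global:
    compatibility:
      omitEmptySeLinuxOptions: true   # proposed flag; default would be false
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    seLinuxOptions: {}

Assumed call from a pod template:

  securityContext:
    {{- include "example.renderSecurityContext"
          (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 4 }}
*/}}
{{- define "example.renderSecurityContext" -}}
{{- $adaptedContext := .secContext -}}
{{- /* Nil-safe lookup: an absent global.compatibility block counts as false,
       so charts that never set the flag keep rendering seLinuxOptions as before. */ -}}
{{- if (((.context.Values.global).compatibility).omitEmptySeLinuxOptions) -}}
  {{- /* An empty map and an unset key are both falsy. A populated
         seLinuxOptions block is an explicit choice and is left in place. */ -}}
  {{- if not .secContext.seLinuxOptions -}}
    {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}}
  {{- end -}}
{{- end -}}
{{- /* "enabled" is a chart-level switch, not a Kubernetes field, so it is
       always removed before the context is rendered. */ -}}
{{- omit $adaptedContext "enabled" | toYaml -}}
{{- end -}}
```

Rendering the chart with helm template once with the flag set and once without, then comparing the securityContext blocks, shows whether the seLinuxOptions key reaches the manifest that the admission policy evaluates.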