bitnami / charts

Bitnami Helm Charts
https://bitnami.com

It's not possible to properly switch off deployer.podSecurityContext #9207

Closed pluess closed 2 years ago

pluess commented 2 years ago

Name and Version

bitnami/spring-cloud-data-flow 5.2.1

What steps will reproduce the bug?

To get the chart working on OpenShift I had to get rid of all podSecurity and containerSecurity entries. This works fine except for deployer.podSecurityContext. deployer.podSecurityContext is not checking for enabled. Instead it just checks whether the table has any contents at all. This means to switch it off I had to set an empty table (or false). This does the job but it triggers the following warnings when the chart is installed:

    coalesce.go:199: warning: cannot overwrite table with non table for podSecurityContext (map[runAsUser:1001])
    coalesce.go:199: warning: cannot overwrite table with non table for podSecurityContext (map[runAsUser:1001])
    coalesce.go:199: warning: cannot overwrite table with non table for podSecurityContext (map[runAsUser:1001])
    coalesce.go:199: warning: cannot overwrite table with non table for podSecurityContext (map[runAsUser:1001])
    coalesce.go:199: warning: cannot overwrite table with non table for podSecurityContext (map[runAsUser:1001])

It would be nicer and more obvious if deployer.podSecurityContext would check for an enabled entry instead of just checking the existence of the whole table.

How to reproduce:

    helm install --dry-run --debug -f my-values.yaml my-release bitnami/spring-cloud-dataflow

Are you using any custom parameters or values?

    kafka:
      zookeeper:
        podSecurityContext:
          enabled: false
        containerSecurityContext:
          enabled: false

    server:
      podSecurityContext:
        enabled: false
      containerSecurityContext:
        enabled: false

    skipper:
      podSecurityContext:
        enabled: false
      containerSecurityContext:
        enabled: false

    deployer:
      podSecurityContext: []

What is the expected behavior?

It should be possible to use

    deployer:
        podSecurityContext:
            enabled: false

to avoid the warnings.

What do you see instead?

The following warnings are issued:

    coalesce.go:199: warning: cannot overwrite table with non table for podSecurityContext (map[runAsUser:1001])
    coalesce.go:199: warning: cannot overwrite table with non table for podSecurityContext (map[runAsUser:1001])
    coalesce.go:199: warning: cannot overwrite table with non table for podSecurityContext (map[runAsUser:1001])
    coalesce.go:199: warning: cannot overwrite table with non table for podSecurityContext (map[runAsUser:1001])
    coalesce.go:199: warning: cannot overwrite table with non table for podSecurityContext (map[runAsUser:1001])

Additional information

Basically in templates\skipper\configmap.yaml and templates\server\configmap.yaml

    {{- if .Values.deployer.podSecurityContext }}
    podSecurityContext: {{- toYaml .Values.deployer.podSecurityContext | nindent 22 }}
    {{- end }}

should be replaced by

    {{- if .Values.deployer.podSecurityContext.enabled }}
    podSecurityContext: {{- omit .Values.deployer.podSecurityContext "enabled" | toYaml | nindent 8 }}
    {{- end }}
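
Added example, not part of the issue or the chart's own code: a Go program that runs the two `if` guards quoted above through the standard `text/template` package, which Helm templates are built on, to show how each guard treats the values discussed in this issue. The function name `Rendered` and the sample values are constructed for illustration, and the Sprig helpers `omit` and `toYaml` are left out, so only the condition is modelled.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// The two guards from the issue, reduced to the condition only.
const (
	oldGuard = `{{ if .Values.deployer.podSecurityContext }}rendered{{ end }}`
	newGuard = `{{ if .Values.deployer.podSecurityContext.enabled }}rendered{{ end }}`
)

// Rendered reports whether the guarded block is emitted when
// deployer.podSecurityContext holds psc, i.e. the value left after
// user values were merged over the chart defaults.
func Rendered(guard string, psc any) (bool, error) {
	t, err := template.New("guard").Parse(guard)
	if err != nil {
		return false, err
	}
	values := map[string]any{"Values": map[string]any{
		"deployer": map[string]any{"podSecurityContext": psc},
	}}
	var out bytes.Buffer
	if err := t.Execute(&out, values); err != nil {
		return false, err
	}
	return out.Len() > 0, nil
}

func main() {
	// Constructed sample values, not taken from a real release.
	cases := []struct {
		name string
		psc  any
	}{
		{"chart default", map[string]any{"runAsUser": 1001}},
		{"enabled: false merged over default", map[string]any{"enabled": false, "runAsUser": 1001}},
		{"[] workaround", []any{}},
		{"false workaround", false},
	}
	for _, c := range cases {
		o, oerr := Rendered(oldGuard, c.psc)
		n, nerr := Rendered(newGuard, c.psc)
		fmt.Printf("%-36s old=%v (%v) new=%v (%v)\n", c.name, o, oerr, n, nerr)
	}
}
```

In this model the old guard still emits the block for `enabled: false` because the merged table is non-empty, while the proposed guard fails with a template error for the `[]` and `false` workarounds and emits nothing for a default table that has no `enabled` key.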
javsalgar commented 2 years ago

Hi,

Thank you so much for the input! Would you like to submit a PR with the fix?

github-actions[bot] commented 2 years ago

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.