tempo-distributed does not support OpenShift installation out of the box because of missing securitycontextconstraint

[bo0ts]

Describe the bug When installing tempo-distributed in an OpenShift cluster the pods fail to come up because they require to be run with any uid. A quick fix is to add the anyuid scc to the serviceaccount.

Tempo should support installation on OpenShift out of the box like other Grafana charts.

To Reproduce Install the helm chart on an OpenShift cluster.

Expected behavior Provide an option to create appropriate securitycontextconstraints for tempo. See for comparison the option rbac.sccEnabled in the loki helm charts or rbac.type in mimir.

Environment:

• Infrastructure: OpenShift 4.15
• Deployment tool: helm

[joe-elliott]

Thank you for filing this, but it likely belongs here: https://github.com/grafana/helm-charts

We are more than happy to take a PR that adds this feature to the helm chart. cc @zalegrala

[zalegrala]

I'm happy to review a PR if you'd like to send one @bo0ts.

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had any activity in the past 60 days. The next time this stale check runs, the stale label will be removed if there is new activity. The issue will be closed after 15 days if there is no new activity. Please apply keepalive label to exempt this Issue.