kubernetes-sigs / cluster-api-addon-provider-helm

CAAPH uses Helm charts to manage the installation and lifecycle of Cluster API add-ons.
Apache License 2.0
96 stars, 25 forks

Support for OpenShift as Management Cluster #236

Open senthilredhat opened 1 month ago

senthilredhat commented 1 month ago

User Story

I am using OpenShift as my management cluster and encountered an issue when attempting to install the Helm chart on the managed cluster. The current version fails with an error related to writing to /.config and /etc/xdg folders. This is because, by default, pods on OpenShift run as non-privileged containers, which restricts write access to these directories.

Current Workaround

While changing the deployment to run as a privileged container is a potential workaround, it introduces security concerns and goes against best practices for running containers.

Request

Please modify the deployment configuration or provide an option to enable the Helm chart to function without requiring escalated privileges. This would involve ensuring that the necessary directories have appropriate permissions or altering the paths used by the application to directories writable by non-privileged containers.

Additional Context

The issue specifically arises because of the default security context in OpenShift, which does not permit write access to /.config and /etc/xdg. Adjusting the deployment to be compatible with OpenShift’s security policies will make the Helm chart more versatile and secure.
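One way to get the behaviour the request above asks for without escalating privileges, shown here as an added illustration that is not the CAAPH project's manifest nor code from the issue author: redirect Helm's config, cache and data directories to an emptyDir volume via the HELM_CONFIG_HOME, HELM_CACHE_HOME and HELM_DATA_HOME variables that Helm 3 honours (and the XDG_* variables they default from), so the controller keeps a restricted, non-root security context instead of writing to /.config or /etc/xdg. The Deployment, namespace, container and volume names are placeholders; the real names come from the installed CAAPH release.

```yaml
# Hypothetical strategic-merge patch for the helm-controller Deployment.
# Names are placeholders, not the project's actual manifest. Apply with:
#   kubectl -n <namespace> patch deployment <name> --patch-file helm-writable-dirs.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: helm-controller         # placeholder
  namespace: caaph-system       # placeholder
spec:
  template:
    spec:
      # Pod stays non-privileged; no fixed runAsUser, so OpenShift's restricted
      # SCC can assign its own arbitrary UID.
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: manager             # placeholder: the cluster-api-helm-controller container
        env:
        # Helm 3 checks these first, ahead of the XDG defaults
        # ($HOME/.config/helm, $HOME/.cache/helm, $HOME/.local/share/helm).
        - name: HELM_CONFIG_HOME
          value: /tmp/helm/config
        - name: HELM_CACHE_HOME
          value: /tmp/helm/cache
        - name: HELM_DATA_HOME
          value: /tmp/helm/data
        # Also point the XDG base directories at the same volume so nothing
        # falls back to /.config (empty $HOME) or the /etc/xdg search path.
        - name: XDG_CONFIG_HOME
          value: /tmp/helm/config
        - name: XDG_CACHE_HOME
          value: /tmp/helm/cache
        - name: XDG_DATA_HOME
          value: /tmp/helm/data
        # Container-level hardening consistent with the restricted SCC.
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
        volumeMounts:
        - name: helm-dirs
          mountPath: /tmp/helm
      volumes:
      # Scratch space that is writable by whatever UID the pod runs as.
      - name: helm-dirs
        emptyDir: {}
```

With readOnlyRootFilesystem enabled, the emptyDir is the only writable path, so the pod's logs are the quickest check: the earlier "permission denied" errors on /.config and /etc/xdg should disappear after the rollout, and `kubectl -n <namespace> exec deploy/<name> -- env | grep -E 'HELM_|XDG_'` confirms the variables reached the container.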

Jont828 commented 1 month ago

/triage accepted

Jont828 commented 1 week ago

@senthilredhat Thanks for your patience, I haven't worked with OpenShift before but will try to look into this. Just to clarify, you need the cluster-api-helm-controller pod to have write permissions to only the folders /.config and /etc/xdg, is that right?