maistra / istio

Apache License 2.0

OSSM-5698 Add GetProxyIDsFromPod() func for multitenant deployments #1019

Closed dgn closed 4 months ago

dgn commented 4 months ago

In multitenant environments, we cannot expect to have access to namespaces to derive valid UID/GIDs, so we'll need to take whatever OCP injects into the securityContext and work with that. The reason this works is that if no securityContext is provided by the user, OCP will create one with a valid runAsUser value that is in the expected range.

I could only test this together with the 2.5 operator (there's no 2.6 operator yet) which has different injection templates, but it seemed to work.
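The idea described in this comment, sketched as an added example that is not the code from this PR: read the UID/GID from whatever `securityContext` is present on the pod instead of from namespace annotations. The struct types are simplified stand-ins for the Kubernetes `core/v1` types, `proxyIDsFromPod` and `ErrNoRunAsUser` are hypothetical names, and the two choices of "first container with a `runAsUser` wins" and "GID falls back to the UID when `runAsGroup` is unset" are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// Simplified stand-ins for k8s.io/api/core/v1 types (assumption: only the
// fields needed for this sketch are modelled).
type SecurityContext struct {
	RunAsUser  *int64
	RunAsGroup *int64
}
type Container struct{ SecurityContext *SecurityContext }
type Pod struct {
	SecurityContext *SecurityContext // pod-level settings
	Containers      []Container
}

var ErrNoRunAsUser = errors.New("no runAsUser in pod or container securityContext")

// proxyIDsFromPod is a hypothetical helper, not the PR's GetProxyIDsFromPod().
// Container-level runAsUser overrides the pod-level value in Kubernetes, so
// containers are checked first and the pod-level context is the fallback.
func proxyIDsFromPod(p Pod) (uid, gid int64, err error) {
	candidates := make([]*SecurityContext, 0, len(p.Containers)+1)
	for _, c := range p.Containers {
		candidates = append(candidates, c.SecurityContext)
	}
	candidates = append(candidates, p.SecurityContext)
	for _, sc := range candidates {
		if sc == nil || sc.RunAsUser == nil {
			continue
		}
		uid, gid = *sc.RunAsUser, *sc.RunAsUser // assumption: GID defaults to UID
		if sc.RunAsGroup != nil {
			gid = *sc.RunAsGroup
		}
		return uid, gid, nil
	}
	// Fail closed: never guess an ID when nothing was injected.
	return 0, 0, ErrNoRunAsUser
}

func main() {
	id := int64(1000680000) // constructed sample value
	pod := Pod{Containers: []Container{{SecurityContext: &SecurityContext{RunAsUser: &id}}}}
	fmt.Println(proxyIDsFromPod(pod))
}
```

Returning an error instead of a default ID keeps a pod that arrived without an injected `runAsUser` from silently getting a proxy identity outside the expected range.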

dgn commented 4 months ago

/retest

dgn commented 4 months ago

/retest

dgn commented 4 months ago

/retest

dgn commented 4 months ago

/retest

luksa commented 4 months ago

/retest

dgn commented 4 months ago

/hold

Putting a hold so that @jewertow has time to review

luksa commented 4 months ago

BTW: I just tested this with the 2.6 operator and (at least the happy path) works as expected.