feat(core): Remove Openshift security warning message
Add the valid OpenShift security contexts to:
* operator pod
* integration pod
gansheer committed Sep 13, 2023
1 parent 40c207e commit d32cca6
Showing 2 changed files with 23 additions and 0 deletions.
9 changes: 9 additions & 0 deletions pkg/install/operator.go
@@ -44,6 +44,7 @@ import (
"github.com/apache/camel-k/v2/pkg/util/knative"
"github.com/apache/camel-k/v2/pkg/util/kubernetes"
"github.com/apache/camel-k/v2/pkg/util/minikube"
"github.com/apache/camel-k/v2/pkg/util/openshift"
"github.com/apache/camel-k/v2/pkg/util/patch"
image "github.com/apache/camel-k/v2/pkg/util/registry"
)
@@ -243,6 +244,14 @@ func OperatorOrCollect(ctx context.Context, cmd *cobra.Command, c client.Client,
// Remove Ingress permissions as it's not needed on OpenShift
// This should ideally be removed from the common RBAC manifest.
RemoveIngressRoleCustomizer(o)

if d, ok := o.(*appsv1.Deployment); ok {
securityContext, _ := openshift.GetOpenshiftSecurityContextRestricted(ctx, c, cfg.Namespace)
if securityContext != nil {
d.Spec.Template.Spec.Containers[0].SecurityContext = securityContext

}
}
}

return o
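Review bot: The added block discards the error from `openshift.GetOpenshiftSecurityContextRestricted` (`securityContext, _ :=`), so if the lookup fails the operator Deployment is installed without the restricted security context and nothing reports it. The surrounding code appears to return only `o`, so the error cannot simply be returned from here; at minimum it should be reported through the output this function already uses for `cmd` rather than dropped. The assignment also indexes `Containers[0]` without a length check, so the guard would be safer as `if securityContext != nil && len(d.Spec.Template.Spec.Containers) > 0 {`, and the stray blank line before the closing brace can go. The enclosing function starts and ends outside the hunk.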
14 changes: 14 additions & 0 deletions pkg/trait/container.go
@@ -39,6 +39,7 @@ import (
"github.com/apache/camel-k/v2/pkg/util/envvar"
"github.com/apache/camel-k/v2/pkg/util/knative"
"github.com/apache/camel-k/v2/pkg/util/kubernetes"
"github.com/apache/camel-k/v2/pkg/util/openshift"
)

const (
@@ -200,6 +201,8 @@ func (t *containerTrait) configureContainer(e *Environment) error {
}
t.configureCapabilities(e)

t.configureSecurityContext(e, &container)

var containers *[]corev1.Container
visited := false

@@ -339,3 +342,14 @@ func (t *containerTrait) configureCapabilities(e *Environment) {
e.ApplicationProperties["camel.context.rest-configuration.component"] = "platform-http"
}
}

func (t *containerTrait) configureSecurityContext(e *Environment, container *corev1.Container) {
// get security context from security context constraint configuration in namespace
isOpenShift, _ := openshift.IsOpenShift(e.Client)
if isOpenShift {
securityContext, _ := openshift.GetOpenshiftSecurityContextRestricted(e.Ctx, e.Client, e.Platform.Namespace)
if securityContext != nil {
container.SecurityContext = securityContext
}
}
}
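Review bot: Both errors are discarded in the new `configureSecurityContext` (`isOpenShift, _ :=` and `securityContext, _ :=`), so when either lookup fails the integration container silently gets no restricted security context. `configureContainer` already returns `error`, so the helper can return one and the call site can become `if err := t.configureSecurityContext(e, &container); err != nil { return err }`. It is also worth confirming that `e.Platform.Namespace` is the namespace the pod is actually created in, because the comment says the context is derived from that namespace's configuration; if the two can differ, the resulting values may not fit the target namespace. `configureContainer`'s body starts and ends outside the hunks shown.

```go
func (t *containerTrait) configureSecurityContext(e *Environment, container *corev1.Container) error {
	isOpenShift, err := openshift.IsOpenShift(e.Client)
	if err != nil {
		return err
	}
	if !isOpenShift {
		return nil
	}
	// get security context from security context constraint configuration in namespace
	securityContext, err := openshift.GetOpenshiftSecurityContextRestricted(e.Ctx, e.Client, e.Platform.Namespace)
	if err != nil {
		return err
	}
	if securityContext != nil {
		container.SecurityContext = securityContext
	}
	return nil
}
```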
