Allow to overwrite default SCC with values.yaml
harshit-splunk committed Jan 24, 2023
1 parent f9abebe commit 080964f
Showing 4 changed files with 29 additions and 13 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
@@ -4,6 +4,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

## Unreleased

### Added

- Allow to overwrite default SecurityContextConstraints rules with values.yaml file (#643)

### Fixed

- Default recombine operator for the docker container engine (#627)
@@ -1,16 +1,4 @@
{{- if eq (include "splunk-otel-collector.distribution" .) "openshift" }}
kind: SecurityContextConstraints
apiVersion: security.openshift.io/v1
metadata:
name: {{ template "splunk-otel-collector.serviceAccountName" . }}
labels:
{{- include "splunk-otel-collector.commonLabels" . | nindent 4 }}
app: {{ template "splunk-otel-collector.name" . }}
chart: {{ template "splunk-otel-collector.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
users:
- system:serviceaccount:{{ .Release.Namespace }}:{{ template "splunk-otel-collector.serviceAccountName" . }}
{{- define "splunk-otel-collector.defaultSecurityContextConstraints" -}}
priority: 10
allowHostNetwork: true
allowHostPorts: true
@@ -44,4 +32,20 @@ supplementalGroups:
type: RunAsAny
requiredDropCapabilities:
- ALL
{{- end -}}
{{- if eq (include "splunk-otel-collector.distribution" .) "openshift" }}
kind: SecurityContextConstraints
apiVersion: security.openshift.io/v1
metadata:
name: {{ template "splunk-otel-collector.serviceAccountName" . }}
labels:
{{- include "splunk-otel-collector.commonLabels" . | nindent 4 }}
app: {{ template "splunk-otel-collector.name" . }}
chart: {{ template "splunk-otel-collector.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
users:
- system:serviceaccount:{{ .Release.Namespace }}:{{ template "splunk-otel-collector.serviceAccountName" . }}
{{- $config := include "splunk-otel-collector.defaultSecurityContextConstraints" . | fromYaml }}
{{- .Values.securityContextConstraintsOverwrite | mustMergeOverwrite $config | toYaml }}
{{- end }}
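Review bot: The merged map is written at the top level of the manifest, so keys supplied in `securityContextConstraintsOverwrite` are not limited to the fields of the `defaultSecurityContextConstraints` block; an overwrite that contains `users`, `metadata` or `kind` would be rendered as a duplicate of the keys the template emits above it, and which copy wins depends on the parser. Dropping the keys the template owns before rendering keeps the override to the policy fields, e.g. `{{- $merged := mustMergeOverwrite $config .Values.securityContextConstraintsOverwrite }}` followed by `{{- omit $merged "kind" "apiVersion" "metadata" "users" | toYaml | nindent 0 }}`. The `nindent 0` matters as well: as displayed, both new actions open with `{{-`, which trims the newline after the `users:` entry, so the first merged key would appear to land on the same line as that entry; worth confirming with `helm template`. The middle of the default block is collapsed on this page, so the full set of defaults was not reviewed.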
4 changes: 4 additions & 0 deletions helm-charts/splunk-otel-collector/values.schema.json
@@ -1133,6 +1133,10 @@
"description": "Apply for k8s cluster with windows worker node.",
"type": "boolean"
},
"securityContextConstraintsOverwrite": {
"description": "Openshift SecurityContextConstraints can be overriden in this field.",
"type": "object"
},
"gateway": {
"description": "Splunk OpenTelemetry Collector gateway deployment configuration.",
"type": "object",
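Review bot: `"type": "object"` with no `properties` accepts any key and any value type under `securityContextConstraintsOverwrite`, so a misspelled field name or a string where a boolean is expected passes validation and is merged into the rendered SCC. Since this value decides what the collector's service account is allowed to do on the host, the schema is the cheapest place to catch mistakes: declare the fields the default block already sets (for example `"allowHostNetwork": {"type": "boolean"}` and `"requiredDropCapabilities": {"type": "array"}`) and consider `"additionalProperties": false` if arbitrary SCC fields are not meant to be supported. The description also spells "overridden" as "overriden".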
4 changes: 4 additions & 0 deletions helm-charts/splunk-otel-collector/values.yaml
@@ -964,6 +964,10 @@ livenessProbe:
# Specifies whether to apply for k8s cluster with windows worker node.
isWindows: false

# Openshift SecurityContextConstraints can be overriden in this field.
# NOTE: This config will only be used when distribution=openshift
securityContextConstraintsOverwrite: {}

################################################################################
# OpenTelemetry "collector" k8s deployment configuration.
# This is an additional deployment of Open-telemetry collector that can be used
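Review bot: The comment above `securityContextConstraintsOverwrite` does not say how the value is combined with the chart's defaults, which matters for a setting that can loosen host access. I would state that it is merged over the defaults key by key and that lists such as `requiredDropCapabilities` are replaced as a whole rather than appended to, for instance `# Keys set here replace the chart's default SCC values; lists are replaced, not appended.` and `# Review any change that relaxes the defaults (e.g. requiredDropCapabilities) before deploying.`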
