address review comments

signalfx · Jan 24, 2023 · 3b7ef9d · 3b7ef9d
1 parent 414ed95
commit 3b7ef9d
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 43 deletions.
diff --git a/helm-charts/splunk-otel-collector/templates/NOTES.txt b/helm-charts/splunk-otel-collector/templates/NOTES.txt
@@ -73,6 +73,3 @@ Splunk Network Explorer is installed and configured.
 [WARNING] "clusterReceiver.eventsEnabled" parameter is deprecated. Soon it will be replaced with "clusterReceiver.k8sObjects".
           Upgrade guidelines: https://github.com/signalfx/splunk-otel-collector-chart/blob/main/UPGRADING.md#$CURRENT_VERSION-to-$NEXT_VERSION
 {{ end }}
-{{- if and (ne .Values.distribution "openshift") (not (empty .Values.securityContextConstraintsOverwrite)) }}
-[WARNING] "securityContextConstraintsOverwrite" paramter should be only used when distribution=openshift.
-{{ end }}
diff --git a/helm-charts/splunk-otel-collector/templates/_helpers.tpl b/helm-charts/splunk-otel-collector/templates/_helpers.tpl
@@ -421,43 +421,3 @@ Whether clusterReceiver should be enabled
 {{- $clusterReceiver := fromYaml (include "splunk-otel-collector.clusterReceiver" .) }}
 {{- and $clusterReceiver.enabled (or (eq (include "splunk-otel-collector.metricsEnabled" .) "true") (eq (include "splunk-otel-collector.objectsOrEventsEnabled" .) "true")) -}}
 {{- end -}}
-
-
-{{/*
-
-*/}}
-{{- define "splunk-otel-collector.defaultSecurityContextConstraints" -}}
-priority: 10
-allowHostNetwork: true
-allowHostPorts: true
-allowHostPID: true
-allowHostDirVolumePlugin: true
-allowHostIPC: false
-allowPrivilegedContainer: false
-volumes:
-- configMap
-- downwardAPI
-- emptyDir
-- hostPath
-- secret
-# Allow podman/crio socket and /proc access
-seLinuxContext:
-  type: MustRunAs
-  seLinuxOptions:
-    user: "system_u"
-    role: "system_r"
-    type: "spc_t"
-    level: "s0"
-allowedFlexVolumes: []
-allowedCapabilities: []
-defaultAddCapabilities: []
-fsGroup:
-  type: MustRunAs
-readOnlyRootFilesystem: true
-runAsUser:
-  type: RunAsAny
-supplementalGroups:
-  type: RunAsAny
-requiredDropCapabilities:
-- ALL
-{{- end -}}
diff --git a/helm-charts/splunk-otel-collector/templates/securityContextConstraints.yaml b/helm-charts/splunk-otel-collector/templates/securityContextConstraints.yaml
@@ -1,3 +1,38 @@
+{{- define "splunk-otel-collector.defaultSecurityContextConstraints" -}}
+priority: 10
+allowHostNetwork: true
+allowHostPorts: true
+allowHostPID: true
+allowHostDirVolumePlugin: true
+allowHostIPC: false
+allowPrivilegedContainer: false
+volumes:
+- configMap
+- downwardAPI
+- emptyDir
+- hostPath
+- secret
+# Allow podman/crio socket and /proc access
+seLinuxContext:
+  type: MustRunAs
+  seLinuxOptions:
+    user: "system_u"
+    role: "system_r"
+    type: "spc_t"
+    level: "s0"
+allowedFlexVolumes: []
+allowedCapabilities: []
+defaultAddCapabilities: []
+fsGroup:
+  type: MustRunAs
+readOnlyRootFilesystem: true
+runAsUser:
+  type: RunAsAny
+supplementalGroups:
+  type: RunAsAny
+requiredDropCapabilities:
+- ALL
+{{- end -}}
 {{- if eq (include "splunk-otel-collector.distribution" .) "openshift" }}
 kind: SecurityContextConstraints
 apiVersion: security.openshift.io/v1