Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Forced fsGroup when using cache breaks Renovate deployments in restricted environments #1701

Open
minijus opened this issue Aug 28, 2024 · 0 comments · May be fixed by #1782
Open

Forced fsGroup when using cache breaks Renovate deployments in restricted environments #1701

minijus opened this issue Aug 28, 2024 · 0 comments · May be fixed by #1782

Comments

@minijus
Copy link

minijus commented Aug 28, 2024

After the change that adds fsGroup automatically (#1404) chart deployments on restricted environments (e.g. OpenShift) started to fail.

In OpenShift containers run as non root with random user id and directories with mounted volumes are automatically chown'ed. Thus, statically setting fsGroup is not an option in OpenShift.

Proposed solution to overcome this issue would be to introduce additional value compatability.omitSecurityContextFsGroup (or any other proposed name). The default for new value would be false and if it is as true the chart would omit fsGroup property.

Happy to open PR for this (after deciding on possible solution/naming).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@minijus