bug: Helm: insufficient securityContext settings for fluentd-CR template #952

Closed
nkaijala-elisa opened this issue Oct 9, 2023 · 0 comments · Fixed by #1230
Labels
good first issue Good for newcomers

nkaijala-elisa commented Oct 9, 2023

Describe the issue

When using OpenShift with strict SCCs, the Helm chart cannot be configured in a way that would satisfy the security hardening by SCCs.

The Fluentd template of the Helm chart doesn't pass securityContext values to the resource to be created. This results in the subsequent Fluentd StatefulSet having insufficient settings.

To Reproduce

Install the operator via Helm on OpenShift with any security hardening.

Expected behavior

A working fluentd logging pipeline.

Your Environment

- Fluent Operator version: v1.15.3
- Container Runtime: CRI-O, on OpenShift 4.11
- Operating system: RHEL 8.6
- Kernel version: 4.18.0

How did you install fluent operator?

  • Helm install
  • Installed Fluentd CRDs
  • Installed Fluentd in fluentd-only mode
  • Set up Security Context Constraints (OpenShift requirement)

Additional context

Somewhat related to #948

To fix, add:

  {{- if .Values.fluentd.securityContext }}
  securityContext:
    {{- toYaml .Values.fluentd.securityContext | nindent 4 }}
  {{- end }}
  {{- if .Values.fluentd.containerSecurityContext }}
  containerSecurityContext:
    {{- toYaml .Values.fluentd.containerSecurityContext | nindent 4 }}
  {{- end }}

in charts/fluent-operator/templates/fluent-fluentd.yaml under spec:

and (for example)

  # Container security context for Fluentd
  containerSecurityContext:
    runAsUser: 12345
  # Security context for Fluentd
  securityContext:
    fsGroup: 12345
    runAsUser: 12345

in values.yaml under fluentd:
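
A regression check for the pass-through this issue asks for, as an added example that is not part of the original report or the project's code. It assumes the Fluentd custom resource is available as JSON (for instance from `kubectl get ... -o json`); the function name `dropped_settings` and both sample resources are constructed for illustration.

```python
import json

# The two values keys the issue proposes, both rendered under the CR's `spec:`.
PASSTHROUGH_KEYS = ("securityContext", "containerSecurityContext")


def dropped_settings(values_fluentd, fluentd_cr):
    """Return {key: {field: (wanted, rendered)}} for settings lost in the CR.

    values_fluentd: the `fluentd:` section of values.yaml as a dict.
    fluentd_cr: the Fluentd custom resource as a dict.
    """
    spec = fluentd_cr.get("spec") or {}
    problems = {}
    for key in PASSTHROUGH_KEYS:
        wanted = values_fluentd.get(key) or {}
        rendered = spec.get(key) or {}
        # A field counts as dropped when it is missing or carries another value.
        diff = {
            field: (value, rendered.get(field))
            for field, value in wanted.items()
            if rendered.get(field) != value
        }
        if diff:
            problems[key] = diff
    return problems


# Constructed sample: the `fluentd:` values from the issue's example.
VALUES = {
    "containerSecurityContext": {"runAsUser": 12345},
    "securityContext": {"fsGroup": 12345, "runAsUser": 12345},
}

# Constructed sample CRs (not real chart output): without and with pass-through.
CR_WITHOUT = json.loads('{"kind": "Fluentd", "spec": {"replicas": 1}}')
CR_WITH = json.loads("""
{"kind": "Fluentd",
 "spec": {"replicas": 1,
          "securityContext": {"fsGroup": 12345, "runAsUser": 12345},
          "containerSecurityContext": {"runAsUser": 12345}}}
""")

if __name__ == "__main__":
    for name, cr in (("without pass-through", CR_WITHOUT),
                     ("with pass-through", CR_WITH)):
        print(name, "->", dropped_settings(VALUES, cr) or "all settings present")
```

An empty result means every security setting from values.yaml reached the custom resource.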
