Add support for ova provider creation for k8s in restricted namespace #643
Conversation
…penshift and k8s platform. Signed-off-by: Bella Khizgiyaev <[email protected]>
|
Kudos, SonarCloud Quality Gate passed!
|
bkhizgiy
changed the title
| @@ -188,44 +191,92 @@ func (r *Reconciler) createServerService(provider *api.Provider, ctx context.Con | |||
| func (r *Reconciler) makeOvaProviderPodSpec(pvcName string, providerName string) core.PodSpec { | |||
| imageName, ok := os.LookupEnv(ovaImageVar) | |||
| if !ok { | |||
| r.Log.Error(nil, "Failed to find OVA server image") | |||
| fmt.Println("Failed to find OVA server image") | |||
There was a problem hiding this comment.
why? we need to use the logger here
| isOpenShift := r.runningInOpenShift() | ||
| //Security settings for k8s | ||
| if !isOpenShift { | ||
| container.SecurityContext.RunAsUser = &user |
There was a problem hiding this comment.
what happens when we set this on openshift?
|
|
||
| //Security pod settings for k8s | ||
| if !isOpenShift { | ||
| podSpec.SecurityContext = &core.PodSecurityContext{ |
There was a problem hiding this comment.
same question here - I see that we set this and the RunAsUser regardless of the cluster type (openshift/k8s) on the pvc-init pod, why do we have to differentiate here?
| return podSpec | ||
| } | ||
|
|
||
| func (r *Reconciler) runningInOpenShift() bool { |
There was a problem hiding this comment.
there should be a "cleaner" way to know the cluster type (by propagating this from the operator to an environment variable of the pod) but please clarify first why we need to differentiate them here
|
replace this PR with #660, closing this one. |
This fix checks on which platform it running on and accordingly setting the appropriate pod security setting.