Home Explore Help
Sign In
cecf
/
deploy
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
deploy
/
ch
/
charts
/
common
/
templates
/
_compatibility.tpl

_compatibility.tpl 2.2 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546 
  1. {{/*
    2. 

  2. Copyright Broadcom, Inc. All Rights Reserved.
    3. 

  3. SPDX-License-Identifier: APACHE-2.0
    4. 

  4. */}}
    5. 

  5. 

  6. {{/* vim: set filetype=mustache: */}}
    7. 

  7. 

  8. {{/* 
    9. 

  9. Return true if the detected platform is Openshift
    10. 

  10. Usage:
    11. 

  11. {{- include "common.compatibility.isOpenshift" . -}}
    12. 

  12. */}}
    13. 

  13. {{- define "common.compatibility.isOpenshift" -}}
    14. 

  14. {{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}}
    15. 

  15. {{- true -}}
    16. 

  16. {{- end -}}
    17. 

  17. {{- end -}}
    18. 

  18. 

  19. {{/*
    20. 

  20. Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC
    21. 

  21. Usage:
    22. 

  22. {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}}
    23. 

  23. */}}
    24. 

  24. {{- define "common.compatibility.renderSecurityContext" -}}
    25. 

  25. {{- $adaptedContext := .secContext -}}
    26. 

  26. 

  27. {{- if (((.context.Values.global).compatibility).openshift) -}}
    28. 

  28.   {{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}}
    29. 

  29.     {{/* Remove incompatible user/group values that do not work in Openshift out of the box */}}
    30. 

  30.     {{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}}
    31. 

  31.     {{- if not .secContext.seLinuxOptions -}}
    32. 

  32.     {{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}}
    33. 

  33.     {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}}
    34. 

  34.     {{- end -}}
    35. 

  35.   {{- end -}}
    36. 

  36. {{- end -}}
    37. 

  37. {{/* Remove empty seLinuxOptions object if global.compatibility.omitEmptySeLinuxOptions is set to true */}}
    38. 

  38. {{- if and (((.context.Values.global).compatibility).omitEmptySeLinuxOptions) (not .secContext.seLinuxOptions) -}}
    39. 

  39.   {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}}
    40. 

  40. {{- end -}}
    41. 

  41. {{/* Remove fields that are disregarded when running the container in privileged mode */}}
    42. 

  42. {{- if $adaptedContext.privileged -}}
    43. 

  43.   {{- $adaptedContext = omit $adaptedContext "capabilities" "seLinuxOptions" -}}
    44. 

  44. {{- end -}}
    45. 

  45. {{- omit $adaptedContext "enabled" | toYaml -}}
    46. 

  46. {{- end -}}
    47.