export default SecurityContextConstraints for OCP clusters #68
Conversation
api/ocp/scc.go
Outdated
|
|
||
| // NewSecurityContextConstraints exports a default configuration of the | ||
| // Security Context Constraints to deploy ceph-csi-operator in an OCP cluster | ||
| func NewSecurityContextConstraints(namespace string, name string) *secv1.SecurityContextConstraints { |
There was a problem hiding this comment.
we need to scc.yaml in config folder which is required for upstream users and we can use it as template here and make it customizable with serviceaccount name and namespace.
There was a problem hiding this comment.
add scc.yaml as a template, initially followed that route. but importing it threw some errors, so pivoted to generating the yaml from go code.
but there was some issue with me pushing the package, that resulted the issue. pivoted back to the template
There was a problem hiding this comment.
There are some improvement required, lets talk about it in today's standup
weirdwiz
force-pushed
the
api-module
branch
3 times, most recently
from
3657a34
to
2aead8e
Compare
api/ocp/scc.yaml
Outdated
| - system:serviceaccount:{{.Namespace}}:csi-rbd-ctrlplugin-sa | ||
| - system:serviceaccount:{{.Namespace}}:csi-cephfs-ctrlplugin-sa | ||
| - system:serviceaccount:{{.Namespace}}:csi-nfs-ctrlplugin-sa | ||
| - system:serviceaccount:{{.Namespace}}:csi-rbd-nodeplugin-sa | ||
| - system:serviceaccount:{{.Namespace}}:csi-cephfs-nodeplugin-sa |
There was a problem hiding this comment.
Having a template here doesnt help upstream Rook users. we need complete yaml where Rook or user can use it directly
|
@weirdwiz This PR is trying to attack multiple things at once:
Please separate into two different PRs |
Signed-off-by: Divyansh Kamboj <dkamboj@redhat.com>
this commit exports SecurityContextConstraints to let the user deploy the ceph-csi-operator in OCP clusters Signed-off-by: Divyansh Kamboj <dkamboj@redhat.com>
|
@weirdwiz Can you please rebase this and get rid of the first commit? (which is already addressed on a different PR that got merged) |
|
@weirdwiz ping |
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in two weeks if no further activity occurs. Thank you for your contributions. |
Describe what this PR does
This PR exports the SecurityContextConstraints for admins deploying the ceph-csi-operators in OCP clusters
Is there anything that requires special attention
Do you have any questions?
Is the change backward compatible?
Are there concerns around backward compatibility?
Provide any external context for the change, if any.
For example:
Related issues
Mention any github issues relevant to this PR. Adding below line
will help to auto close the issue once the PR is merged.
Fixes: #issue_number
Future concerns
List items that are not part of the PR and do not impact it's
functionality, but are work items that can be taken up subsequently.
Checklist:
guidelines in the developer
guide.
Request
notes
updated with breaking and/or notable changes for the next major release.