Add compatibility with OKD and OpenShift#887
Open
hlavki wants to merge 2 commits intocodecentric:masterfrom
Open
Add compatibility with OKD and OpenShift#887hlavki wants to merge 2 commits intocodecentric:masterfrom
hlavki wants to merge 2 commits intocodecentric:masterfrom
Conversation
Signed-off-by: Michal Hlavac <miso@hlavki.eu>
# Conflicts: # charts/keycloakx/templates/_helpers.tpl
dominiquemetz
requested changes
Apr 1, 2026
| securityContext: | ||
| {{- toYaml .Values.dbchecker.securityContext | nindent 12 }} | ||
| {{- if .Values.podSecurityContext.enabled }} | ||
| securityContext: {{- include "keycloak.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 12 }} |
Contributor
There was a problem hiding this comment.
This security context belongs to the dbchecker, which should be set via .Values.dbchecker.securityContext. Please adapt your solution to use this securityContext
|
|
||
| # SecurityContext for the entire Pod. Every container running in the Pod will inherit this SecurityContext. This might be relevant when other components of the environment inject additional containers into running Pods (service meshes are the most prominent example for this) | ||
| podSecurityContext: | ||
| enabled: true |
Contributor
There was a problem hiding this comment.
Are the "enabled" flags necessary for this feature? Why would I need to disable the rendering of the security contexts in the context of OKD and OpenShift support? If not strictly necessary, I would ask you to remove the enabled flag and have no conditional rendering of the securityContexts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This change adds compatibility with OKD and OpenShift.
The rendering of security contexts has been adjusted to allow the container to run on these platforms without explicitly setting UID and GID. This aligns with the security model used by OKD/OpenShift, where these values are typically assigned dynamically.
The implementation is based on logic from the Bitnami Helm charts repository (Apache License).
The change preserves backward compatibility with existing configurations.