cluster-api-addon-provider-helm

Support for OpenShift as Management Cluster

Open senthilredhat opened this issue 9 months ago • 2 comments

User Story

I am using OpenShift as my management cluster and encountered an issue when attempting to install the Helm chart on the managed cluster. The current version fails with an error related to writing to /.config and /etc/xdg folders. This is because, by default, pods on OpenShift run as non-privileged containers, which restricts write access to these directories.

Current Workaround

While changing the deployment to run as a privileged container is a potential workaround, it introduces security concerns and goes against best practices for running containers.

Request

Please modify the deployment configuration or provide an option to enable the Helm chart to function without requiring escalated privileges. This would involve ensuring that the necessary directories have appropriate permissions or altering the paths used by the application to directories writable by non-privileged containers.

Additional Context

The issue specifically arises because of the default security context in OpenShift, which does not permit write access to /.config and /etc/xdg. Adjusting the deployment to be compatible with OpenShift’s security policies will make the Helm chart more versatile and secure.

senthilredhat, May 15 '24 14:05
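
An added example, not part of the issue and not the project's own manifest: a strategic-merge patch fragment showing the kind of change the request describes, keeping the controller unprivileged and pointing its config, cache and data paths at a writable `emptyDir`. It assumes the process derives those paths from `HOME` and the XDG base-directory variables, as the `/.config` and `/etc/xdg` paths in the error suggest; the Deployment, namespace, container, volume and mount-path names are hypothetical.

```yaml
# Added example (assumptions labelled); merge into the provider's Deployment.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: caaph-controller-manager      # hypothetical Deployment name
  namespace: caaph-system             # hypothetical namespace
spec:
  template:
    spec:
      securityContext:
        runAsNonRoot: true            # no fixed runAsUser: OpenShift assigns the UID
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: manager               # hypothetical container name
          securityContext:
            privileged: false         # the workaround the issue rejects would set this to true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          env:
            # With HOME unset or "/", $HOME/.config resolves to /.config,
            # which an arbitrary non-root UID cannot create.
            - name: HOME
              value: /home/helm       # hypothetical path, backed by the emptyDir below
            - name: XDG_CONFIG_HOME
              value: /home/helm/.config
            - name: XDG_CACHE_HOME
              value: /home/helm/.cache
            - name: XDG_DATA_HOME
              value: /home/helm/.local/share
            # XDG_CONFIG_DIRS defaults to /etc/xdg; redirecting it is an
            # assumption about why the process touches that directory.
            - name: XDG_CONFIG_DIRS
              value: /home/helm/.config-dirs
          volumeMounts:
            - name: helm-home
              mountPath: /home/helm
      volumes:
        - name: helm-home
          emptyDir: {}                # pod-scoped scratch space, writable by the assigned UID
```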