feat(server): support openshift restricted-v2 SCC by default#583
feat(server): support openshift restricted-v2 SCC by default#583oleksandr-codefresh wants to merge 2 commits intomainfrom
Conversation
|
| runAsNonRoot: true | ||
| runAsGroup: 999 | ||
| runAsUser: 999 | ||
| readOnlyRootFilesystem: true | ||
| podSecurityContext: | ||
| fsGroup: 999 | ||
| fsGroupChangePolicy: OnRootMismatch |
There was a problem hiding this comment.
removed as now our image uses non-root user by default
|
need to bump chartVersion / appVersion after 2026.2 released or what to do? |
| {{- if .Values.serviceAccount.create -}} | ||
| {{- default (printf "%s-mssql" (include "octopus.fullname" .)) .Values.serviceAccount.name -}} | ||
| {{- else -}} | ||
| default "default-mssql" .Values.serviceAccount.name |
There was a problem hiding this comment.
i am not a helm expert, but shouldn't that be inside some {{ }} ?
| Note: `enableDockerInDocker` must be set to `false` when using a read-only root filesystem, as Docker-in-Docker requires a privileged, writable container. | ||
|
|
||
| ### Openshift | ||
| If you are using build in mssql chart on Openshift with values: |
There was a problem hiding this comment.
| If you are using build in mssql chart on Openshift with values: | |
| If you are using built-in mssql chart on Openshift with values: |
| enabled: true | ||
| ``` | ||
|
|
||
| Our mssql has such default security contexts for mssql. |
There was a problem hiding this comment.
| Our mssql has such default security contexts for mssql. | |
| Our mssql has these default security context values: |
| drop: | ||
| - ALL | ||
| add: | ||
| - NET_BIND_SERVICE |
There was a problem hiding this comment.
why is that needed if the port is 1433 (i think this is only needed when running on ports below 1024)
3 participants
Description
Pre-requisites