Openshift deployment without requiring admin privileges

Question

Openshift deployment without requiring admin privileges

Closed this issue 4 years ago · 2 comments

Openshift deployment templates are really great, but could be adapted to run under an unprivileged environment, i.e. shared Openshift cluster where you might not have admin privileges for running Security context changes.

Currently the required workaround is to add initContainers + volumes or build images ourselves with permission edits.

Answer 1 · 2020-05-19T07:39:01.000Z

Related to this privileges templates could be improved by separating configuration files to configMaps, as in this extract:

          volumeMounts:
          (...)
          - mountPath: /etc/faf/plugins/centosmantisbt.conf
            name: centosmantis
            subPath: centosmantisbt.conf


          volumes:
          (...)
          - configMap:
              name: centosmantis
            name: centosmantis

Of course another option would be to deal with permissions on /etc/faf/* as these files cannot be edited unless you have admin privileges on the cluster to run apps as root. Either that or mount them from a configMap

Answer 2 · 2020-09-23T16:52:08.000Z

IMO the solution in f06548b is not enough for OpenShift/Kubernetes.

If a pod with faf would be killed, you would lose all your configurations because the /etc/faf directory is not stored on persistent volume.

So this issue should be reopened or new issue should be created.