
OpenShift deployment testing#558

Draft
willdollman wants to merge 1 commit into main from will/openshift-scc-permissions

@willdollman (Contributor) commented Oct 3, 2024

Emulate some OpenShift behaviour with our helm charts to make testing using k8s easier:

  • Use high uid/gids
  • Add user to the root group
  • Set fsGroup 0 to ensure files are owned by root group
  • Set fsGroupChangePolicy: always

Running this locally with helm works fine (older version from my shell history, but should also work on newer instances):

$ helm upgrade --install sourcegraph --version 5.6.2535 ./ --values ../../override.yaml --namespace default

This PR is just for sharing helm charts for OpenShift testing - it shouldn't be merged

Issues

  • This relies on created files' group permissions matching owner permissions. If files are created with 744 or 755, then the user will lack execute/write permissions on the file after a pod restart. I've checked a few containers and quite a few do this:
    • Gitserver writes files with 755
    • Redis writes with 755

Checklist

Test plan

@willdollman self-assigned this on Oct 3, 2024

@willdollman changed the title from "Emulate openshift behaviour as much as possible" to "OpenShift deployment testing" on Oct 3, 2024
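
The owner/group permission mismatch listed under Issues can be checked on a volume before relying on root-group access. The following is an added example, not code from this PR or its charts: it reports paths whose group bits are weaker than the owner bits and applies the equivalent of `chmod -R g=u`. The function names, file names and sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def group_gap(mode: int) -> int:
    """rwx bits the owner holds but the group lacks (0 means nothing is lost)."""
    return (mode >> 6) & 0o7 & ~((mode >> 3) & 0o7)


def entries(root: str):
    """Yield (path, permission bits) for everything under root, skipping symlinks."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISLNK(st.st_mode):
                yield path, stat.S_IMODE(st.st_mode)


def audit(root: str) -> dict:
    """Map relative path -> permissions lost by a UID that only matches the group."""
    found = {}
    for path, mode in entries(root):
        gap = group_gap(mode)
        if gap:
            lost = "".join(c for c, bit in (("r", 4), ("w", 2), ("x", 1)) if gap & bit)
            found[os.path.relpath(path, root)] = lost
    return found


def fix(root: str) -> None:
    """Copy the owner bits onto the group bits, like `chmod -R g=u`."""
    for path, mode in list(entries(root)):
        os.chmod(path, (mode & ~0o070) | (((mode >> 6) & 0o7) << 3))


def demo():
    """Constructed sample tree using the file modes named in the PR description."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("gitserver-755", 0o755), ("other-744", 0o744), ("ok-664", 0o664)):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)  # explicit chmod so the umask cannot interfere
        before = audit(root)
        fix(root)
        return before, audit(root)


if __name__ == "__main__":
    print(demo())
```
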