internet/awx-operator
3
0
Fork 0
mirror of https://github.com/ansible/awx-operator.git synced 2026-05-08 06:12:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add support for arbitrary pod-level securityContext settings

Browse Source 
This allows for doing stuff like this on the custom resource:

```
security_context_settings:
  runAsUser: 1000
  runAsGroup: 0
```

I added `snakeCaseParameters: False` because without it, variables like `runAsUser` become `run_as_user`... and that doesnt work.
This commit is contained in:
Shane McDonald
2021-11-10 19:06:20 +08:00
parent b2479c8014
commit 138964f7ab
4 changed files with 15 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/installer/defaults/main.yml
View File

@@ -235,3 +235,5 @@ bundle_cacert_secret: ''
garbage_collect_secrets: false
development_mode: false
security_context_settings: {}

7
roles/installer/templates/deployment.yaml.j2
View File

@@ -310,9 +310,14 @@ spec:
tolerations:
{{ tolerations | indent(width=8) }}
{% endif %}
{% if projects_persistence|bool %}
{% if projects_persistence|bool or (security_context_settings|length) %}
securityContext:
{% if projects_persistence|bool %}
fsGroup: 1000
{% endif %}
{% if security_context_settings|length %}
{{ security_context_settings | to_nice_yaml | indent(8) }}
{% endif %}
{% endif %}
volumes:
{% if bundle_ca_crt %}