From f82ff91e10bfa1256bb100f69c16e94707f25be2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Wed, 6 Mar 2024 10:07:37 +0100 Subject: [PATCH] [bitnami/pytorch] feat: :sparkles: :lock: Add automatic adaptation for Openshift restricted-v2 SCC (#24145) Signed-off-by: Javier Salmeron Garcia --- bitnami/pytorch/Chart.lock | 6 +++--- bitnami/pytorch/Chart.yaml | 2 +- bitnami/pytorch/README.md | 11 ++++++----- bitnami/pytorch/templates/_helpers.tpl | 4 ++-- bitnami/pytorch/templates/deployment.yaml | 2 +- bitnami/pytorch/templates/statefulset.yaml | 2 +- bitnami/pytorch/values.yaml | 9 +++++++++ 7 files changed, 23 insertions(+), 13 deletions(-) diff --git a/bitnami/pytorch/Chart.lock b/bitnami/pytorch/Chart.lock index 6d39385682..5ae99eb2bc 100644 --- a/bitnami/pytorch/Chart.lock +++ b/bitnami/pytorch/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.16.1 -digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 -generated: "2024-02-21T14:29:17.262528297Z" + version: 2.18.0 +digest: sha256:f489ae7394a4eceb24fb702901483c67a5b4fff605f19d5e2545e3a6778e1280 +generated: "2024-03-05T15:29:10.952119134+01:00" diff --git a/bitnami/pytorch/Chart.yaml b/bitnami/pytorch/Chart.yaml index 60533e4caa..0f896f8ec1 100644 --- a/bitnami/pytorch/Chart.yaml +++ b/bitnami/pytorch/Chart.yaml @@ -33,4 +33,4 @@ maintainers: name: pytorch sources: - https://github.com/bitnami/charts/tree/main/bitnami/pytorch -version: 3.10.1 +version: 3.11.0 diff --git a/bitnami/pytorch/README.md b/bitnami/pytorch/README.md index cf12fe8fe7..b4af408c3d 100644 --- a/bitnami/pytorch/README.md +++ b/bitnami/pytorch/README.md @@ -59,11 +59,12 @@ The command removes all the Kubernetes components associated with the chart and ### Global parameters -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` | ### Common parameters diff --git a/bitnami/pytorch/templates/_helpers.tpl b/bitnami/pytorch/templates/_helpers.tpl index 6f18b7839d..2c1d236f6f 100644 --- a/bitnami/pytorch/templates/_helpers.tpl +++ b/bitnami/pytorch/templates/_helpers.tpl @@ -51,11 +51,11 @@ Return the proper securityContext when enabled by the deprecated or new params {{- define "pytorch.securityContext" -}} {{- if .Values.securityContext }} {{- if .Values.securityContext.enabled }} - securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.securityContext "context" $) | nindent 8 }} {{- end }} {{- else }} {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} {{- end -}} {{- end -}} {{- end -}} diff --git a/bitnami/pytorch/templates/deployment.yaml b/bitnami/pytorch/templates/deployment.yaml index f68e9ac4d2..069766cd38 100644 --- a/bitnami/pytorch/templates/deployment.yaml +++ b/bitnami/pytorch/templates/deployment.yaml @@ -112,7 +112,7 @@ spec: image: {{ include "pytorch.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy | quote }} {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} {{- end }} {{- if .Values.diagnosticMode.enabled }} command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} diff --git a/bitnami/pytorch/templates/statefulset.yaml b/bitnami/pytorch/templates/statefulset.yaml index 41cae5ac6f..f1ddabb2a8 100644 --- a/bitnami/pytorch/templates/statefulset.yaml +++ b/bitnami/pytorch/templates/statefulset.yaml @@ -116,7 +116,7 @@ spec: image: {{ include "pytorch.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy | quote }} {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} {{- end }} {{- if .Values.diagnosticMode.enabled }} command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} diff --git a/bitnami/pytorch/values.yaml b/bitnami/pytorch/values.yaml index 607f1b220d..2976498853 100644 --- a/bitnami/pytorch/values.yaml +++ b/bitnami/pytorch/values.yaml @@ -19,6 +19,15 @@ global: ## imagePullSecrets: [] storageClass: "" + ## Compatibility adaptations for Kubernetes platforms + ## + compatibility: + ## Compatibility adaptations for Openshift + ## + openshift: + ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) + ## + adaptSecurityContext: disabled ## @section Common parameters ##