refactor: wrap the injection in a feature flag

uselagoon · Sep 29, 2023 · a1a3a60 · a1a3a60
1 parent dc0d80d
commit a1a3a60
Show file tree

Hide file tree

Showing 7 changed files with 10 additions and 13 deletions.
diff --git a/legacy/build-deploy-docker-compose.sh b/legacy/build-deploy-docker-compose.sh
@@ -856,7 +856,9 @@ set +x
 if [ "$(featureFlag ROOTLESS_WORKLOAD)" = enabled ]; then
 	yq3 merge -ix -- /kubectl-build-deploy/values.yaml /kubectl-build-deploy/rootless.values.yaml
 fi
-
+if [ "$(featureFlag FS_ON_ROOT_MISMATCH)" = enabled ]; then
+	yq3 write -i -- /kubectl-build-deploy/values.yaml 'podSecurityContext.fsGroupChangePolicy' "OnRootMismatch"
+fi
 if [ "${SCC_CHECK}" != "false" ]; then
   # openshift permissions are different, this is to set the fsgroup to the supplemental group from the openshift annotations
   # this applies it to all deployments in this environment because we don't isolate by service type its applied to all

diff --git a/legacy/helmcharts/basic-persistent/values.yaml b/legacy/helmcharts/basic-persistent/values.yaml
@@ -17,8 +17,7 @@ imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
-podSecurityContext:
-  fsGroupChangePolicy: "OnRootMismatch"
+podSecurityContext: {}
 
 securityContext: {}
   # capabilities:

diff --git a/legacy/helmcharts/cli-persistent/values.yaml b/legacy/helmcharts/cli-persistent/values.yaml
@@ -19,8 +19,7 @@ imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
-podSecurityContext:
-  fsGroupChangePolicy: "OnRootMismatch"
+podSecurityContext: {}
 
 securityContext: {}
   # capabilities:

diff --git a/legacy/helmcharts/nginx-php-persistent/values.yaml b/legacy/helmcharts/nginx-php-persistent/values.yaml
@@ -19,8 +19,7 @@ imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
-podSecurityContext:
-  fsGroupChangePolicy: "OnRootMismatch"
+podSecurityContext: {}
 
 securityContext: {}
   # capabilities:

diff --git a/legacy/helmcharts/node-persistent/values.yaml b/legacy/helmcharts/node-persistent/values.yaml
@@ -17,8 +17,8 @@ imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
-podSecurityContext:
-  fsGroupChangePolicy: "OnRootMismatch"
+podSecurityContext: {}
+
 securityContext: {}
   # capabilities:
   #   drop:

diff --git a/legacy/helmcharts/python-persistent/values.yaml b/legacy/helmcharts/python-persistent/values.yaml
@@ -17,8 +17,7 @@ imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
-podSecurityContext:
-  fsGroupChangePolicy: "OnRootMismatch"
+podSecurityContext: {}
 
 securityContext: {}
   # capabilities:

diff --git a/legacy/helmcharts/worker-persistent/values.yaml b/legacy/helmcharts/worker-persistent/values.yaml
@@ -19,8 +19,7 @@ imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
-podSecurityContext:
-  fsGroupChangePolicy: "OnRootMismatch"
+podSecurityContext: {}
 
 securityContext: {}
   # capabilities: