Fix runasuser kgcarr (#255)

* Trigger build with new base image * Bump up version * Trigger build with new base image * Update version.go * Update manager.yaml * Update ibm-mongodb-operator.clusterserviceversion.yaml * Update ibm-mongodb-operator.clusterserviceversion.yaml * Trigger build with new base image * first test * code format * update logic Co-authored-by: Travis CI User <travis@example.org> Co-authored-by: Ashwini Palankar <Ashwini.Palankar@ibm.com> Co-authored-by: ash007-ibm <81858297+ash007-ibm@users.noreply.github.com>
IBM · Nov 26, 2021 · 7861e11 · 7861e11 · ash007-ibm · Jun 17, 2022
1 parent fc04d52
commit 7861e11
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 2 deletions.
diff --git a/bundle/manifests/ibm-mongodb-operator.clusterserviceversion.yaml b/bundle/manifests/ibm-mongodb-operator.clusterserviceversion.yaml
@@ -164,7 +164,7 @@ spec:
                 - get
                 - list
                 - watch
-          serviceAccountName: ibm-mongodb-operator      
+          serviceAccountName: ibm-mongodb-operator
       deployments:
       - name: ibm-mongodb-operator
         spec:

diff --git a/controllers/mongodb_controller.go b/controllers/mongodb_controller.go
@@ -76,6 +76,7 @@ type mongoDBStatefulSetData struct {
 	StsLabels      map[string]string
 	PodLabels      map[string]string
 	PVCSize        string
+	UserId         int
 }
 
 // +kubebuilder:rbac:groups=mongodb.operator.ibm.com,namespace=ibm-common-services,resources=mongodbs,verbs=get;list;watch;create;update;patch;delete
@@ -319,6 +320,20 @@ func (r *MongoDBReconciler) Reconcile(request ctrl.Request) (ctrl.Result, error)
 		}
 	}
 
+	// Select User to use
+	cppConfig := &corev1.ConfigMap{}
+	err = r.Client.Get(context.TODO(), types.NamespacedName{Name: "ibm-cpp-config", Namespace: instance.Namespace}, cppConfig)
+	if err != nil {
+		return reconcile.Result{}, err
+	}
+
+	uid := 0
+	if clusterType, exists := cppConfig.Data["kubernetes_cluster_type"]; exists {
+		if clusterType != "ocp" {
+			uid = 1000
+		}
+	}
+
 	// Check if statefulset already exists
 	sts := &appsv1.StatefulSet{}
 	var stsLabels map[string]string
@@ -389,6 +404,7 @@ func (r *MongoDBReconciler) Reconcile(request ctrl.Request) (ctrl.Result, error)
 		StsLabels:      stsLabels,
 		PodLabels:      podLabels,
 		PVCSize:        PVCSizeRequest,
+		UserId:         uid,
 	}
 
 	var stsYaml bytes.Buffer

diff --git a/controllers/statefulset.go b/controllers/statefulset.go
@@ -49,8 +49,10 @@ spec:
         clusterhealth.ibm.com/dependencies: {{ .NamespaceName }}.cert-manager
     spec:
       serviceAccountName: ibm-mongodb-operand
+      {{ if eq .UserId 1000 }}
       securityContext:
-        runAsUser: 1000
+        runAsUser: {{ .UserId }}
+      {{ end }}
       terminationGracePeriodSeconds: 30
       hostNetwork: false
       hostPID: false