
📙 You will learn

How to configure ThreadFix to run on OpenShift.

Prerequisites

Audience: IT Professional
Difficulty: Intermediate
Time needed: Approximately 10 minutes
Tools required: N/A

Running ThreadFix on OpenShift requires a few special considerations. Under the default Security Context Constraints (SCCs), pods must be configured to run under user and group IDs from the project's assigned ranges. The following steps describe how to get the default UID and GID ranges and apply them to the ThreadFix installation.

  1. Determine the valid UID range for the project:

    oc get project <project_name> -o yaml


    The output will look similar to the following:

    apiVersion: project.openshift.io/v1
    kind: Project
    metadata:
      annotations:
        openshift.io/description: ""
        openshift.io/display-name: ""
        openshift.io/requester: kube:admin
        openshift.io/sa.scc.mcs: s0:c25,c0
        openshift.io/sa.scc.supplemental-groups: 1000600000/10000
        openshift.io/sa.scc.uid-range: 1000600000/10000

    The values of the openshift.io/sa.scc.uid-range and openshift.io/sa.scc.supplemental-groups annotations are needed to set the appropriate <uid> and <gid> in step 3.

  2. Create a ‘myValues’ directory (if it does not exist).

    mkdir -p myValues

  3. Create a file named “openshift.yaml” with the following contents (replace <uid> and <gid> with valid values from the ranges found in step 1):

    kong:
      securityContext:
        runAsUser: <uid>
      postgresql:
        master:
          extraInitContainers: |
            - name: init-chmod-data
              image: bitnami/minideb
              imagePullPolicy: Always
              {{- if .Values.resources }}
              resources: {{- toYaml .Values.resources | nindent 4 }}
              {{- end }}
              command:
                - /bin/sh
                - -c
                - |
                  mkdir -p {{ .Values.persistence.mountPath }}/data
                  chmod 0700 {{ .Values.persistence.mountPath }}/data
              securityContext:
                runAsUser: {{ .Values.securityContext.runAsUser }}
              volumeMounts:
                - name: data
                  mountPath: {{ .Values.persistence.mountPath }}
                  subPath: {{ .Values.persistence.subPath }}
        securityContext:
          enabled: true
          fsGroup: "<gid>"
          runAsUser: "<uid>"
        volumePermissions:
          enabled: false
          securityContext:
            runAsUser: null
        shmVolume:
          enabled: false
    minio:
      securityContext:
        enabled: false

  4. Finish any other tasks from the Installation Checklist, then Install with Helm.
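The range annotations from step 1 can be turned into concrete first and last IDs, and a chosen <uid> or <gid> checked against them before it goes into openshift.yaml. The script below is an added example, not part of the ThreadFix documentation; the function names are hypothetical, the sample YAML is constructed from the output shown in step 1, and it assumes each range block is written as <start>/<length> (as on this page) or <start>-<end>, using only the first block when several are comma-separated.

```shell
# Constructed sample, trimmed from the step 1 output. On a cluster, pipe
# `oc get project <project_name> -o yaml` into annotation_value instead.
SAMPLE_PROJECT_YAML='apiVersion: project.openshift.io/v1
kind: Project
metadata:
  annotations:
    openshift.io/sa.scc.supplemental-groups: 1000600000/10000
    openshift.io/sa.scc.uid-range: 1000600000/10000'

# annotation_value KEY: read project YAML on stdin, print the value of KEY.
annotation_value() {
  awk -v key="$1:" '$1 == key { print $2; exit }' | tr -d '"'
}

# range_bounds VALUE: print "first last" for the first block in VALUE.
# Returns 1 if the block is not <start>/<length> or <start>-<end> (assumed forms).
range_bounds() {
  block=${1%%,*}
  case $block in
    */*) start=${block%%/*}; n=${block#*/}; sep=/ ;;
    *-*) start=${block%%-*}; n=${block#*-}; sep=- ;;
    *)   return 1 ;;
  esac
  # Reject anything that is not a plain decimal number before doing arithmetic.
  case $start in ''|*[!0-9]*) return 1 ;; esac
  case $n in ''|*[!0-9]*) return 1 ;; esac
  if [ "$sep" = / ]; then n=$((start + n - 1)); fi
  echo "$start $n"
}

# id_in_range ID VALUE: succeed only if ID lies inside the first block of VALUE.
id_in_range() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  bounds=$(range_bounds "$2") || return 1
  [ "$1" -ge "${bounds% *}" ] && [ "$1" -le "${bounds#* }" ]
}

uid_range=$(printf '%s\n' "$SAMPLE_PROJECT_YAML" |
  annotation_value openshift.io/sa.scc.uid-range)
gid_range=$(printf '%s\n' "$SAMPLE_PROJECT_YAML" |
  annotation_value openshift.io/sa.scc.supplemental-groups)
echo "valid <uid> (first last): $(range_bounds "$uid_range")"
echo "valid <gid> (first last): $(range_bounds "$gid_range")"
```

Calling `id_in_range <uid> "$uid_range"` on the value intended for openshift.yaml catches an out-of-range ID before the Helm install.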
