feat(openshift): Configure osm-label to work on OpenShift (#79)

ksubrmnn · web-flow · commit d64f17885c23 · 2021-04-01T13:25:27.000-07:00
Signed-off-by: Kalya Subramanian &lt;kasubra@microsoft.com&gt;
diff --git a/charts/osm-arc/templates/osm-label.yml b/charts/osm-arc/templates/osm-label.yml
@@ -24,6 +24,16 @@ rules:
 - apiGroups: [""]
   resources: ["namespaces"]
   verbs: ["get", "patch"]
+{{- if eq .Values.Azure.Cluster.Distribution "openshift" }}
+- apiGroups:
+  - security.openshift.io
+  resourceNames:
+    - anyuid
+  resources:
+    - securitycontextconstraints
+  verbs:
+    - use
+{{- end }}
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -88,14 +98,18 @@ metadata:
     "helm.sh/hook-weight": "35"
     "helm.sh/hook": pre-install
     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    {{- if (ne .Values.Azure.Cluster.Distribution "openshift") }}
     seccomp.security.alpha.kubernetes.io/pod: runtime/default
+    {{- end }}
 spec:
   template:
     metadata:
       labels:
         app: osm-label
+      {{- if (ne .Values.Azure.Cluster.Distribution "openshift") }}
       annotations:
         seccomp.security.alpha.kubernetes.io/pod: runtime/default
+      {{- end }}
     spec:
       serviceAccountName: osm-label-account
       automountServiceAccountToken: true
diff --git a/charts/osm-arc/values.yaml b/charts/osm-arc/values.yaml
@@ -2,6 +2,11 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
+## Values populated by Azure Arc K8s RP during the installation of the extension
+Azure:
+  Cluster:
+    Distribution: <cluster_distribution>
+
 OpenServiceMesh:
     ignoreNamespaces: "kube-system azure-arc arc-osm-system"
 
