From 72916e171aa341d64198986c517c9571f078d529 Mon Sep 17 00:00:00 2001
From: Valeriano Manassero
 <14011549+valeriano-manassero@users.noreply.github.com>
Date: Tue, 31 Jan 2023 09:25:53 +0100
Subject: [PATCH] Added: specific platform configurations (#144)

---
 platform-specific-configs/openshift/README.md |  3 ++
 .../openshift/values-clearml-agent.yaml       |  6 ++++
 .../openshift/values-clearml.yaml             | 36 +++++++++++++++++++
 platform-specific-configs/tanzu/README.md     |  3 ++
 .../tanzu/rolebinding.yaml                    |  2 +-
 5 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 platform-specific-configs/openshift/README.md
 create mode 100644 platform-specific-configs/openshift/values-clearml-agent.yaml
 create mode 100644 platform-specific-configs/openshift/values-clearml.yaml
 create mode 100644 platform-specific-configs/tanzu/README.md

diff --git a/platform-specific-configs/openshift/README.md b/platform-specific-configs/openshift/README.md
new file mode 100644
index 0000000..759eb4a
--- /dev/null
+++ b/platform-specific-configs/openshift/README.md
@@ -0,0 +1,3 @@
+# Openshift specific configuration
+
+Use override files when deploying ClearML. Proposed files in this folder require setup of `<USER>` and `<FSUSER>` values to uids accepted by specific openshift configuration.
diff --git a/platform-specific-configs/openshift/values-clearml-agent.yaml b/platform-specific-configs/openshift/values-clearml-agent.yaml
new file mode 100644
index 0000000..f10b09f
--- /dev/null
+++ b/platform-specific-configs/openshift/values-clearml-agent.yaml
@@ -0,0 +1,6 @@
+agentk8sglue:
+  podSecurityContext:
+    runAsUser: 0
+  basePodTemplate:
+    podSecurityContext:
+      runAsUser: 0
diff --git a/platform-specific-configs/openshift/values-clearml.yaml b/platform-specific-configs/openshift/values-clearml.yaml
new file mode 100644
index 0000000..5ffda11
--- /dev/null
+++ b/platform-specific-configs/openshift/values-clearml.yaml
@@ -0,0 +1,36 @@
+apiserver:
+  podSecurityContext:
+    fsGroup: <FSUSER>
+    runAsUser: <USER>
+    runAsNonRoot: true
+fileserver:
+  podSecurityContext:
+    fsGroup: <FSUSER>
+    runAsUser: <USER>
+    runAsNonRoot: true
+webserver:
+  podSecurityContext:
+    fsGroup: <FSUSER>
+    runAsUser: <USER>
+    runAsNonRoot: true
+elasticsearch:
+  securityContext:
+    runAsUser: <USER>
+  podSecurityContext:
+    fsGroup: <FSUSER>
+    runAsUser: <USER>    
+  sysctlInitContainer:
+    enabled: false
+  volumeClaimTemplate:
+redis:
+  securityContext:
+    fsGroup: <FSUSER>
+    runAsUser: <USER>
+mongodb:
+  podSecurityContext:
+    enabled: true
+    fsGroup: <FSUSER>
+  containerSecurityContext:
+    enabled: true
+    runAsUser: <USER>
+    runAsNonRoot: true
diff --git a/platform-specific-configs/tanzu/README.md b/platform-specific-configs/tanzu/README.md
new file mode 100644
index 0000000..ef9ac33
--- /dev/null
+++ b/platform-specific-configs/tanzu/README.md
@@ -0,0 +1,3 @@
+# Tanzu specific configuration
+
+Before installing any ClearML chart, apply `rolebinding.yaml` file after setting needed `<NAMESPACE>` in it.
diff --git a/platform-specific-configs/tanzu/rolebinding.yaml b/platform-specific-configs/tanzu/rolebinding.yaml
index fe227cf..2fa13bc 100644
--- a/platform-specific-configs/tanzu/rolebinding.yaml
+++ b/platform-specific-configs/tanzu/rolebinding.yaml
@@ -2,7 +2,7 @@ kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: clearml-tanzu-rolebinding
-  namespace: clearml
+  namespace: <NAMESPACE>
 roleRef:
   kind: ClusterRole
   name: psp:vmware-system-privileged