Closed
Description
On OpenShift, product Pods must run with custom ServiceAccount(s) and SecurityContextConstraints.
Different Stackable products have different requirements with respect to the container permissions and capabilities.
The primary goal of this issue is to update all Stackable operators so that the products they manage run with a custom ServiceAccount.
The zookeeper-operator provides an example implementation where the operator's Helm chart creates a ClusterRole that references a custom SCC object. The operator creates a ServiceAccount and a ClusterRoleBinding per namespace for each Zookeeper instance.
Acceptance criteria
- kuttl tests pass
- documentation (see here).
Tasks per operator
As part of getting the operators running on OpenShift, at least the following tasks need to be performed per operator.
- Update Helm charts to create product specific service accounts and cluster roles when installing the operators.
- Update the operator code to assign this service account to Pods, StatefulSets, Deployments and so on.
- Fix `podSecurityContext` warnings that pop up during Helm installations.
Operators
- [x] airflow-operator: https://github.com/stackabletech/airflow-operator/pull/261
- [x] commons-operator
- [x] druid-operator: https://github.com/stackabletech/druid-operator/pull/425
- [x] hbase-operator
- [x] hdfs-operator
- [x] hive-operator: https://github.com/stackabletech/hive-operator/pull/323
- [x] kafka-operator: https://github.com/stackabletech/kafka-operator/issues/570
- [x] listener-operator (runs/deploys, but does not yet have regular jenkins tests)
- [x] nifi-operator: https://github.com/stackabletech/nifi-operator/pull/446
- [x] opa-operator: https://github.com/stackabletech/opa-operator/pull/431
- [x] secret-operator
- [x] spark-k8s-operator: checked with 0.0.0-dev
- [x] superset-operator: https://github.com/stackabletech/superset-operator/pull/352
- [x] trino-operator: https://github.com/stackabletech/trino-operator/pull/404
- [x] zookeeper-operator: https://github.com/stackabletech/zookeeper-operator/pull/665
### Additional Tasks
- [ ] #340
- [ ] https://github.com/stackabletech/issues/issues/341
- [ ] https://github.com/stackabletech/issues/issues/343
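The arrangement described for the zookeeper-operator above (a ClusterRole that references a custom SCC, plus a ServiceAccount and ClusterRoleBinding per namespace) can be sketched as the following manifests. This is an added example, not the Stackable operators' own chart or code: every object name and the namespace are hypothetical placeholders, and the SCC settings are one illustrative restrictive profile, since the actual requirements differ per product.

```yaml
# Hypothetical names throughout: example-product-scc, example-product-clusterrole, example-product-sa, example-ns
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata: {name: example-product-scc}
allowPrivilegedContainer: false
allowPrivilegeEscalation: false
allowHostNetwork: false
allowHostPID: false
allowHostIPC: false
allowHostPorts: false
allowHostDirVolumePlugin: false
readOnlyRootFilesystem: false
requiredDropCapabilities: ["ALL"]
runAsUser: {type: MustRunAsRange}      # UID taken from the namespace's allocated range
seLinuxContext: {type: MustRunAs}
fsGroup: {type: MustRunAs}
supplementalGroups: {type: RunAsAny}
volumes: ["configMap", "emptyDir", "persistentVolumeClaim", "projected", "secret"]
---
# Created once at install time (e.g. by the Helm chart). Access to the SCC is
# granted through the RBAC "use" verb, not through the SCC's users/groups lists.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata: {name: example-product-clusterrole}
rules:
  - apiGroups: ["security.openshift.io"]
    resources: ["securitycontextconstraints"]
    resourceNames: ["example-product-scc"]   # only this SCC, not every SCC
    verbs: ["use"]
---
# Created per namespace that hosts a product instance.
apiVersion: v1
kind: ServiceAccount
metadata: {name: example-product-sa, namespace: example-ns}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata: {name: example-product-binding-example-ns}
subjects:
  - kind: ServiceAccount
    name: example-product-sa
    namespace: example-ns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: example-product-clusterrole
```

Workloads pick up the SCC only when their Pod template sets `serviceAccountName` to the bound ServiceAccount; Pods left on the namespace's `default` account are admitted under whatever SCC that account is allowed to use.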
Status
Done