Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(helm): add global settings for commonly used values #634

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

feat(helm): add global settings for commonly used values #634

wants to merge 1 commit into from

Conversation

jdpleiness
Copy link
Contributor

@jdpleiness jdpleiness commented Feb 4, 2025
edited
Loading

@jdpleiness Graphite App
Copy link
Contributor Author

This stack of pull requests is managed by Graphite. Learn more about stacking.

@jdpleiness jdpleiness force-pushed the 02-04-feat_helm_add_global_settings_for_commonly_used_values branch from cde9617 to bd175ff Compare February 4, 2025 19:37
michaellzc
michaellzc reviewed Feb 4, 2025
View reviewed changes
charts/sourcegraph/values.yaml
podSecurityContext: {}
# -- Global privileged mode settings that can be overridden per service
# Determines if pods/containers can run with elevated privileges
privileged: {}
Copy link
Member

@michaellzc michaellzc Feb 4, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this feels odd to have a global flag privileged and it's only applicable to selective daemonset

why not just disable them separately?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cc @marcleblanc2

Copy link
Contributor

@marcleblanc2 marcleblanc2 Feb 4, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@michaellzc in Red Hat's OpenShift Kubernetes platform, containers are only allowed to run as specific UIDs / GIDs, so the customer's OpenShift admin provides the UID / GID number to their site admin, who currently has to copy / paste this big blob onto all services in their Helm override file, which about doubles the length of the file and makes it difficult to read. This fact took us a couple months to get to the bottom of on a current Implementation Services engagement, so this config and a coming doc update will save future OpenShift customers much time.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

too clarify, I understand the use case of global PSC. This comment is specifically about the privileged flag.

@jdpleiness jdpleiness force-pushed the 02-04-feat_helm_add_global_settings_for_commonly_used_values branch from bd175ff to 79523da Compare February 4, 2025 20:01
@jdpleiness jdpleiness force-pushed the 02-04-feat_helm_add_global_settings_for_commonly_used_values branch from 79523da to 8c750b5 Compare February 4, 2025 20:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michaellzc michaellzc michaellzc left review comments

@marcleblanc2 marcleblanc2 Awaiting requested review from marcleblanc2

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jdpleiness @marcleblanc2 @michaellzc