[stable/jenkins] Add runAsUser and runAsGroup to podTemplate #22641
Conversation
helm-bot
added
Contribution Allowed
|
Hi @janekbaraniewski. Thanks for your PR. I'm waiting for a helm member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
needs-ok-to-test
|
/assign @viglesiasce |
There was a problem hiding this comment.
@janekbaraniewski thanks for the PR!
please rebase and also update values.yaml and the CHANGELOG
| @@ -190,6 +190,8 @@ Returns kubernetes pod template configuration as code | |||
| resourceLimitMemory: {{.Values.agent.resources.limits.memory}} | |||
| resourceRequestCpu: {{.Values.agent.resources.requests.cpu}} | |||
| resourceRequestMemory: {{.Values.agent.resources.requests.memory}} | |||
| runAsUser: {{ .Values.agent.runAsUser }} | |||
| runAsGroup: {{ .Values.agent.runAsGroup }} | |||
There was a problem hiding this comment.
could you explain your use case in more detail? these fields can be configured for both the pod and the container and I'm wondering if there's a need to support both. if so, the naming will need to account for this.
perhaps...
agent.runAsUserContainer
agent.runAsGroupContainer
agent.runAsUserPod
agent.runAsGroupPod
There was a problem hiding this comment.
Hey, I'm using custom agent sidecar image with some custom default user example which doesn't have proper permissions to use mounted jenkins workspace that's managed by jnlp container.
So in my case I only need to modify them at container level and I'm not sure if there is a need to set it at pod level. Only example I can think of is when you want to also change user in jnlp sidecar that's added to agent pod when you overwrite sideContainerName and set it to one value for all containers.
There was a problem hiding this comment.
Yeah, setting these options at the container level does seem like the more common use case.
|
@wmcdona89 Isn't it already possible to configure it using podTemplate? |
|
@torstenwalter that's true, it is possible to configure using I need to define common "base" configuration that then can have specific fields overwritten depending on environment. Since I also can't see a reason why it should be possible to do it using |
Signed-off-by: Jan Baraniewski <janekbaraniewski@gmail.com>
janekbaraniewski
force-pushed
the
jenkins/set_agent_user
branch
from
d558f25 to
68030d8
Compare
helm-bot
added
size/S
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
and removed
needs-ok-to-test
|
@torstenwalter lgtm |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: janekbaraniewski, torstenwalter The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
approved
|
/retest |
4 similar comments
|
/retest |
|
/retest |
|
/retest |
|
/retest |
Is this a new chart
No
What this PR does / why we need it:
Adds ability to configure user/group for Jenkins agent containers. Currently it's impossible to do using Jenking Configuration as a Code because of those missing values, causing failure of custom agent sidecar containers with different default user.
Special notes for your reviewer:
@lachie83 Hey, first time making a PR to charts repo so not really sure how it works, should I tag all maintainers here?
Checklist
[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]
[stable/mychartname])