Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-1.14]: Configure the securityContext, resources and pod annotations in helm #1872

Merged
merged 7 commits into from
Aug 23, 2024
Merged

[release-1.14]: Configure the securityContext, resources and pod annotations in helm #1872

merged 7 commits into from
Aug 23, 2024

Conversation

houshengbo
Copy link
Contributor

@houshengbo houshengbo commented Aug 22, 2024
edited
Loading

Fixed: #1869

@knative-prow knative-prow bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Aug 22, 2024
@houshengbo houshengbo changed the title Configure helm [release-1.14]: Configure the securityContext and resources in helm Aug 22, 2024
@houshengbo houshengbo changed the title [release-1.14]: Configure the securityContext and resources in helm [release-1.14]: Configure the securityContext, resources and pod annotations in helm Aug 22, 2024
yuzisun
yuzisun reviewed Aug 22, 2024
View reviewed changes
config/charts/knative-operator/templates/operator.yaml
@@ -48,6 +48,10 @@ metadata:
app.kubernetes.io/component: operator-webhook
app.kubernetes.io/version: "{{ .Chart.Version }}"
app.kubernetes.io/name: knative-operator
{{- if and .Values.knative_operator.operator_webhook.annotations }}
Copy link

@yuzisun yuzisun Aug 22, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the annotations under the metadata are not necessarily the same as the annotations on the template/metadata.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just remove this section.

yuzisun
yuzisun reviewed Aug 22, 2024
View reviewed changes
config/charts/knative-operator/templates/operator.yaml
@@ -114,14 +130,23 @@ spec:
value: knative.dev/operator
- name: KUBERNETES_MIN_VERSION
value: "{{ .Values.knative_operator.kubernetes_min_version }}"
{{- if and .Values.knative_operator.operator_webhook.securityContext }}
securityContext:
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is also another securityContext on the pod level

Copy link
Contributor Author

@houshengbo houshengbo Aug 22, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

but the yaml does not have it by default, if .Values.knative_operator.operator_webhook.securityContext is not available, do not add it.

yuzisun
yuzisun reviewed Aug 23, 2024
View reviewed changes
config/charts/knative-operator/values.yaml Outdated
@@ -2,7 +2,29 @@ knative_operator:
knative_operator:
image: gcr.io/knative-releases/knative.dev/operator/cmd/operator
tag: {{ tag }}
securityContext:
Copy link

@yuzisun yuzisun Aug 23, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's rename to containerSecurityContext in case we want to add pod securityContext later

see istio https://bbgithub.dev.bloomberg.com/kaas-helm-charts/istio-gateway/blob/main/values.yaml#L40

@knative-prow knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Aug 23, 2024
@knative-prow Knative Prow
Copy link

knative-prow bot commented Aug 23, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: houshengbo, yuzisun

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@knative-prow knative-prow bot merged commit 62d2d17 into knative:release-1.14 Aug 23, 2024
19 checks passed
@houshengbo
Copy link
Contributor Author

/cherry-pick release-1.15

@knative-prow-robot
Copy link
Contributor

@houshengbo: new pull request created: #1876

In response to this:

/cherry-pick release-1.15

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@knative-prow-robot knative-prow-robot mentioned this pull request Aug 24, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yuzisun yuzisun yuzisun approved these changes

@matzew matzew Awaiting requested review from matzew

@maximilien maximilien Awaiting requested review from maximilien

Assignees

@yuzisun yuzisun

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@houshengbo @knative-prow-robot @yuzisun