[stable/jenkins] Added backup service account annotations and pod securitycontext #22730
Conversation
helm-bot
added
the
size/S
k8s-ci-robot
added
the
needs-ok-to-test
|
Hi @KrzesloSzatan. Thanks for your PR. I'm waiting for a helm member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
KrzesloSzatan
changed the title
| runAsUser: {{ default 0 .Values.backup.runAsUser }} | ||
| {{- if and (.Values.backup.runAsUser) (.Values.backup.fsGroup) }} | ||
| {{- if not (eq (int .Values.backup.runAsUser) 0) }} | ||
| fsGroup: {{ .Values.backup.fsGroup }} |
There was a problem hiding this comment.
Do you see a use case where runAsUser for backup and Jenkins would be different? Otherwise we could re-use the existing value master.runAdUser. Then we only need to configure the user in one place.
There was a problem hiding this comment.
Unfortunately, i have absolutely no idea atm. I have never needed that so cant tell if it is crucial to have them separated. For my case now, there shouldnt be any difference, but didnt check what will happen if i set the runAsUser and fsGroup in master values, untill few days ago i was working with older version ;) If there is no big problem i would leave 2 separate options, but probably either way works for me. Dunno about others.
There was a problem hiding this comment.
I suggest to use master.runAsUser
Could you change it and merge changes from Master into your branch?
|
@KrzesloSzatan please also look into the DCO check. That needs to be fixed before it can be merged. |
|
@KrzesloSzatan any update here? |
I dont know what is wrong, ive done what is written in the guide like 15 times already and its always the same. Could you please tell me what im doing wrong ? git commit --amend --signoff But there is still a problem i dont know how to resolve :/ |
|
@KrzesloSzatan your PR has three commits. One of them (85d941e) is not signed. You could rebase your changes on master interactively ( |
helm-bot
added
Contribution Allowed
) * [stable/stackdriver-exporter] update k8s deployement api version As of v1.16, k8s won't accept a deploymement with apps/v1beta1 or apps/v1beta2 apiVersion. The accepted apiVersion is apps/v1 that is available since k8s v1.9. See https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16 Signed-off-by: Jordan Abderrachid <[email protected]> * bump chart version to 1.2.3 Signed-off-by: Jordan Abderrachid <[email protected]> Signed-off-by: Maciej <[email protected]>
* Add support for GCP BackendConfig. Signed-off-by: Anas <[email protected]> * Bump chart version. Signed-off-by: Anas <[email protected]> * Document new variable. Signed-off-by: Anas <[email protected]> Signed-off-by: Maciej <[email protected]>
…#22654) Signed-off-by: Joseph Stanton <[email protected]> Signed-off-by: Maciej <[email protected]>
* [stable/unifi] adding functionality to mount extra volumes This change adds possibility to specify additional volumes when deploying Unifi controller. Signed-off-by: Marcin Iwinski <[email protected]> * fixing defaults in README.md Signed-off-by: Marcin Iwinski <[email protected]> * [stable/unifi] bumping version to 0.9.0 Signed-off-by: Marcin Iwinski <[email protected]> Signed-off-by: Maciej <[email protected]>
Signed-off-by: thomaszimmer <[email protected]> Signed-off-by: Maciej <[email protected]>
Signed-off-by: William Hutcheson <[email protected]> Co-authored-by: William Hutcheson <[email protected]> Signed-off-by: Maciej <[email protected]>
… the Cluster Agent Pod(s) (#22715) Signed-off-by: Matheus Weber da Conceição <[email protected]> Signed-off-by: Maciej <[email protected]>
* Revert "[stable/fluentd] Fix missing serviceName in HPA (#21202)" This reverts commit 1a877e5. Signed-off-by: Jeremy Mathevet <[email protected]> * Remove trailing tab Signed-off-by: Jeremy Mathevet <[email protected]> * newline at EOF Signed-off-by: Jeremy Mathevet <[email protected]> Signed-off-by: Maciej <[email protected]>
Signed-off-by: Harshavardhana <[email protected]> Signed-off-by: Maciej <[email protected]>
…rvice. (#22703) Fixes #21887 Bump version to 0.10.0 Signed-off-by: Stephen Liang <[email protected]> Signed-off-by: Maciej <[email protected]>
* update rabbitm-ha chart version from 1.46.1 to 1.46.2 Signed-off-by: yj.zeng <[email protected]> * rabbitmq readiness probe fails in some cases. Signed-off-by: yj.zeng <[email protected]> Signed-off-by: Maciej <[email protected]>
Signed-off-by: Kévin Dunglas <[email protected]> Signed-off-by: Maciej <[email protected]>
…ontext added Signed-off-by: Maciej <[email protected]>
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: KrzesloSzatan The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Well, ive done something, all commits are signed off. But dunno if i havent done more mess than it was before. |
|
@KrzesloSzatan DCO check passes, but we have quite some conflicts... |
Maybe i should just clone repo once again and do my changes, then just push it again and create another PR ? |
|
That's also ok. Looking forward to your PR. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions. |
stale
bot
added
the
lifecycle/stale
|
/hold This chart will be moved to https://github.com/jenkinsci/helm-charts see for details #23562 |
k8s-ci-robot
added
the
do-not-merge/hold
stale
bot
removed
the
lifecycle/stale
|
👍 |
Ive checked this on my local project and it works fine, adds annotation to the service account Jenkins-backup and sets proper securitycontext to the backup pod.
What this PR does / why we need it: Adds annotations to the jenkins-backup service account and securitycontext runAsUser and fsGroup to the pod generated by backup Cronjob
Which issue this PR fixes
Special notes for your reviewer:
This is my first PR so dunno if ive done everything right, please guide me if there is something wrong.
Checklist
[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]
[stable/mychartname])