helm / helm

The Kubernetes Package Manager
https://helm.sh
Apache License 2.0

Dependency of dependency: null is overwritten by default values #13203

Open Baboulinet-33 opened 3 months ago

Baboulinet-33 commented 3 months ago

Hello,

In my chart I've entered argo-cd (https://artifacthub.io/packages/helm/argo-cd-oci/argo-cd) as a dependency.

This chart has redis-ha as a dependency (https://artifacthub.io/packages/helm/dandydev-charts/redis-ha).

I'm using OpenShift, so I want to remove all runAsUser properties.

I tried the following values.yaml:

argo-cd:
  redis-ha:
    enabled: true
    containerSecurityContext:
      runAsUser: null
    securityContext:
      runAsUser: null

But that does not overwrite the default value (1000):

Default values in redis-ha:

securityContext:
  runAsUser: 1000
  fsGroup: 1000
  runAsNonRoot: true

containerSecurityContext:
  runAsUser: 1000
  runAsNonRoot: true
  allowPrivilegeEscalation: false
  seccompProfile:
    type: RuntimeDefault
  capabilities:
    drop:
    - ALL

Part of the final template:

# Source: argo/charts/argo-cd/charts/redis-ha/templates/redis-ha-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: test-redis-ha-server
  namespace: "default"
  labels:
    test-redis-ha: replica
    app: redis-ha
    heritage: "Helm"
    release: "test"
    chart: redis-ha-4.26.1
  annotations:
    {}
spec:
  selector:
    matchLabels:
      release: test
      app: redis-ha
  serviceName: test-redis-ha
  replicas: 3
  podManagementPolicy: OrderedReady
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      annotations:
        checksum/init-config: 56711e59f6421109cd28e23e8c406c1444b426c605135e7470e26b67224ec1c0
      labels:
        release: test
        app: redis-ha
        test-redis-ha: replica
    spec:
      terminationGracePeriodSeconds: 60
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: redis-ha
                  release: test
                  test-redis-ha: replica
              topologyKey: kubernetes.io/hostname
      securityContext: 
        fsGroup: 1000
        runAsNonRoot: true
        runAsUser: 1000
      serviceAccountName: test-redis-ha
      automountServiceAccountToken: false
      initContainers:
      - name: config-init
        image: public.ecr.aws/docker/library/redis:7.2.4-alpine
        imagePullPolicy: IfNotPresent
        resources:
          {}
        command:
        - sh
        args:
        - /readonly-config/init.sh
        securityContext: 
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
          seccompProfile:
            type: RuntimeDefault        
[...]

Any idea what I'm doing wrong?

gjenkins8 commented 3 months ago

Thanks for the report. Unfortunately, this is a long-standing issue. There are a few duplicates in the issue tracker.

I think someone recently submitted a PR with a fix, but unfortunately it has languished due to lack of time.
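
A check for the symptom reported in this thread, as an added example that is not part of the original posts or of Helm: it reads `helm template` output on stdin and reports every place that still pins `runAsUser`, using the `# Source:` comments to name the subchart template responsible. The sample manifest (including its second document and path) and the function names are constructed for illustration.

```shell
# Constructed sample: trimmed rendered output in the shape shown in the report.
sample_manifest() {
cat <<'EOF'
---
# Source: argo/charts/argo-cd/charts/redis-ha/templates/redis-ha-statefulset.yaml
kind: StatefulSet
metadata:
  name: test-redis-ha-server
spec:
  template:
    spec:
      securityContext:
        runAsUser: 1000
      initContainers:
      - name: config-init
        securityContext:
          runAsUser: 1000
---
# Source: argo/templates/example.yaml
kind: Pod
metadata:
  name: test-example
spec:
  securityContext:
    runAsUser: null
EOF
}

# Print one line per pinned UID: <source> <kind>/<name> <input line> <value>
find_run_as_user() {
  awk '
    /^---/        { kind = ""; name = ""; in_meta = 0; next }   # new document
    /^# Source: / { src = substr($0, 11); next }                # template path
    /^[A-Za-z]/   { in_meta = ($1 == "metadata:") }             # top-level key
    /^kind:/      { kind = $2 }
    in_meta && /^  name:/ { name = $2; gsub(/"/, "", name) }
    /^[ -]*runAsUser:/ {
      val = $0
      sub(/^[^:]*:[ \t]*/, "", val)        # drop the key
      sub(/[ \t]*(#.*)?$/, "", val)         # drop trailing space or comment
      if (val == "" || val == "null" || val == "~") next   # unset, nothing pinned
      printf "%s\t%s/%s\tline %d\trunAsUser=%s\n", src, kind, name, NR, val
    }
  '
}

# CI gate: succeeds only when no rendered document pins a UID.
check_no_fixed_uid() { [ -z "$(find_run_as_user)" ]; }
```

Against a real chart, the rendered output can be piped in directly, for example `helm template test . | find_run_as_user`.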