Closed Kampe closed 3 months ago
Just to be clear: hostUsers, is automatically determined already based on weither it can be used. (basically: stateless, non-root applications). So in 99% of cases it isn't needed to be explicitly disabled.
So i'm not 100% sure why we even have this in the docs, maybe @stavros-k can shed a light on that?
Currently the way we have it like this:
false
true
true
, we set it to true regardless of the calculations abovetrue
, we set it to true regardless of the calculations aboveCurrently there is no way to set it to false
if one of the conditions is matched.
TL;DR; currently users can manually only opt-in to hostUsers if the conditions are not met. There is no opt-out.
Here is the code for ref: https://github.com/truecharts/library-charts/blob/a1b7be52fce831b53104c3fb470172e10bf1c3ad/library/common/templates/lib/pod/_hostUsers.tpl#L13-L29
Here is the "conditions" for ref: https://github.com/truecharts/library-charts/blob/a1b7be52fce831b53104c3fb470172e10bf1c3ad/library/common/templates/lib/pod/_podSecurityContext.tpl#L4
Yeah so this is expected behavior...
This will become increasingly more of a problem if its not set as of Kubernetes 1.30 as it becomes a required field and is set automatically. This causes issues in any gitops tools as there's constantly state drift between the chart and what the API server is returning.
Functionality will change to this:
If the key is missing, or is not a bool, we will set it based on our predefined conditions. If the key is set and its a bool. We will use that value.
chart Name
common
Operating System
Talos-OS 1.7 Kubernetes 1.30
Deployment Method
Helm
Chart Version
latest
Kubernetes Events
chartlication Logs
Chart Configuration
podOptions: hostUsers: false
Describe the bug
podOptions: hostUsers: false
has no effect for any charts that utilize common.
To Reproduce
install any true chart and set podOptions.hostUsers
Expected Behavior
expected that the hostUsers field is set downstream on pods.
Screenshots
n/a
Additional Context
n/a
I've read and agree with the following
[Chart-Name]