Adding containerSecurityContext logic to migrations chart
What does this MR do?
Adding containerSecurityContext
templating support and values to migrations chart.
Related issues
Relates #3686
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion.
Required
-
Merge Request Title and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com -
When ready for review, MR is labeled "~workflow::ready for review" per the Distribution MR workflow
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes -
Documentation created/updated -
Tests added -
Integration tests added to GitLab QA -
Equivalent MR/issue for omnibus-gitlab opened -
Validate potential values for new configuration settings. Formats such as integer 10
, duration10s
, URIscheme://user:passwd@host:port
may require quotation or other special handling when rendered in a template and written to a configuration file.
Merge request reports
Activity
Hey @rgarcia65201!
Thank you for your contribution to GitLab. Please refer to the contribution flow documentation for a quick overview of the process, and the merge request (MR) guidelines for the detailed process.
Did you know about our community forks? Working from there will make your contribution process easier. Please check it out!
When you're ready for a first review, post
@gitlab-bot ready
. If you know a relevant reviewer(s) (for example, someone that was involved in a related issue), you can also assign them directly with@gitlab-bot ready @user1 @user2
.At any time, if you need help, feel free to post
@gitlab-bot help
or initiate a mentor session on Discord. Read more on how to get help.You can comment
@gitlab-bot label <label1> <label2>
to add labels to your MR. Please see the list of allowed labels in thelabel
command documentation.This message was generated automatically. You're welcome to improve it.
added Community contribution workflowin dev labels
assigned to @rgarcia65201
@gitlab-bot ready
added workflowready for review label and removed workflowin dev label
added documentation twtriaged labels
marked the checklist item When ready for review, MR is labeled "~workflow::ready for review" per the Distribution MR workflow as completed
added devopssystems groupdistribution labels
added sectioncore platform label
mentioned in issue gitlab-org/quality/triage-reports#12157 (closed)
changed milestone to %16.0
added featureaddition typefeature labels
- Resolved by Clemens Beck
@rgarcia65201 I've triggered the CI pipeline for you.
Do you mind verifying your account so CI pipeline are triggered in your upcoming MRs?
1 Warning Please check the QA job and compare with builds on master. If no new failures are reported in QA job, add 'QA:verified' label. 1 Message Please add the workflowready for review label once you think the MR is ready to for an initial review. If from a community member, ask that the Community contribution label be added as well.
Merge requests are handled according to the workflow documented in our handbook and should receive a response within the limit documented in our First-response SLO.
If you don't receive a response, please mention
@gitlab-org/distribution
, or one of our Project MaintainersGenerated by
Dangeradded workflowin review label and removed workflowready for review label
requested review from @clemensbeck
Looks good! Thanks @rgarcia65201.
Review steps:
-
pattern follows the implementation of other containerSecurityContexts -
docs updated -
green pipeline -
local testing succeeds
Testing
-
Case: default migrations container securityContexthelm template ~/repos/gitlab-chart \ --set certmanager-issuer.email=test@example.com \ --show-only charts/gitlab/charts/migrations/templates/job.yaml \ | yq '.spec.template.spec.containers[0].securityContext' runAsUser: 1000
-
Case: default initContainer securityContexthelm template ~/repos/gitlab-chart \ --set certmanager-issuer.email=test@example.com \ --show-only charts/gitlab/charts/migrations/templates/job.yaml \ | yq '.spec.template.spec.initContainers.[].securityContext' null null
-
Case: override migrations container securityContexthelm template ~/repos/gitlab-chart \ --set certmanager-issuer.email=test@example.com \ --set gitlab.migrations.containerSecurityContext.fsGroup=2000 \ --show-only charts/gitlab/charts/migrations/templates/job.yaml \ | yq '.spec.template.spec.containers[0].securityContext' fsGroup: 2000 runAsUser: 1000
-
Case: override initContainer securityContexthelm template ~/repos/gitlab-chart \ --set certmanager-issuer.email=test@example.com \ --set gitlab.migrations.init.containerSecurityContext.runAsUser=2000 \ --show-only charts/gitlab/charts/migrations/templates/job.yaml \ | yq '.spec.template.spec.initContainers.[].securityContext' runAsUser: 2000 runAsUser: 2000
-
requested review from @WarheadsSE
added QA:verified label
mentioned in commit 5fed9a54
@rgarcia65201, how was your code review experience with this merge request? Please tell us how we can continue to iterate and improve:
- React with a
or a on this comment to describe your experience. - Create a new comment starting with
@gitlab-bot feedback
below, and leave any additional feedback you have for us in the comment.
Interested in learning more tips and tricks to solve your next challenge faster? Subscribe to the GitLab Community Newsletter for contributor-focused content and opportunities to level up.
Thanks for your help!
This message was generated automatically. You're welcome to improve it.
- React with a