fix: Extract a template for the nextcloud container (app/cronjob)#712
fix: Extract a template for the nextcloud container (app/cronjob)#712MartinKirchner wants to merge 1 commit intonextcloud:mainfrom
Conversation
Signed-off-by: Martin Kirchner <martin.kirchner@cas.de>
MartinKirchner
force-pushed
the
feature/containerTemplate
branch
from
998259a to
d5fa9ce
Compare
| volumeMounts: | ||
| {{- include "nextcloud.volumeMounts" . | trim | nindent 12 }} | ||
| {{- $containerName := printf "%s-cron" .Chart.Name }} | ||
| {{- include "nextcloud.container" ( dict "containerName" $containerName "securityContext" .Values.cronjob.securityContext "rootContext" $ "context" .Values.cronjob ) | nindent 8 }} |
There was a problem hiding this comment.
why we need securityContext, if we has already context ?
There was a problem hiding this comment.
oh i see -> do you like to move the values.yaml (and make a breaking change / bump to major)?
remembers me on #379 (comment)
There was a problem hiding this comment.
@wrenix If it's okay for you I'd rather remove the securityContext for the app container (as it is deprecated anyhow).
As for the major version - I hope you remember that my actual goal is to move the cron sidecar to a Kubernetes CronJob.
- Do you think the Kubernetes Cronjob has a chance to make it's way into this chart?
- If so, does it make sense to combine these two changes in one new major version?
- What do you propose on how to proceed?
There was a problem hiding this comment.
Might be unrelated but securityContext is not deprecated right?
One more important thing to know about PodSecurityPolicy: it’s not the same as PodSecurityContext.
A part of the Pod specification, PodSecurityContext (and its per-container counterpart SecurityContext) is the collection of fields that specify many of the security-relevant settings for a Pod. The security context dictates to the kubelet and container runtime how the Pod should actually be run. In contrast, the PodSecurityPolicy only constrains (or defaults) the values that may be set on the security context.
The deprecation of PSP does not affect PodSecurityContext in any way.
https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/
| - name: {{ .containerName }} | ||
| image: {{ include "nextcloud.image" .rootContext }} | ||
| imagePullPolicy: {{ .rootContext.Values.image.pullPolicy }} | ||
| {{- if .context.command }} |
wrenix
changed the title
3 participants
Description of the change
Use a helper template to define the containers for app/cronjob.
Benefits
Possible drawbacks
None known.
Applicable issues
Additional information
Checklist
Chart.yamlaccording to semver.