Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: coroot - add custom initContainers #43

Merged
merged 1 commit into from
Jan 23, 2025
Merged

feat: coroot - add custom initContainers #43

merged 1 commit into from
Jan 23, 2025

Conversation

MemberIT
Copy link
Contributor

Add custom initContainers for coroot chart for fix permission error of data directory if set values of podSecurityContext and securityContext:

...
  podSecurityContext:
    fsGroup: 2000
  securityContext:
    capabilities:
      drop:
        - ALL
    readOnlyRootFilesystem: true
    runAsNonRoot: true
    runAsUser: 1000
...

For example init-chown init container:

  initContainers:
    - name: init-chown
      image: busybox
      securityContext:
        runAsNonRoot: false
        runAsUser: 0
      resources:
        limits:
          cpu: 100m
          memory: 128Mi
        requests:
          cpu: 50m
          memory: 64Mi
      command: ['sh']
      args:
        - "-c"
        - |
          set -ex
          chown 1000:2000 /data
      volumeMounts:
        - name: data
          mountPath: /data

@def
Copy link
Member

def commented Jan 15, 2025

@MemberIT, thanks for the PR!
BTW, running Coroot as a non-root user is already supported through our Kubernetes operator. You can find more details here: Coroot Kubernetes Installation.
Perhaps you might want to use it instead of plain Helm?

@def def requested a review from apetruhin January 16, 2025 07:16
@MemberIT
Copy link
Contributor Author

Thank you, @def, for providing the documentation link. However, at this time, deploying Coroot via the operator doesn’t suit our infrastructure needs (we only need one Coroot instance in our k8s cluster). Also, from what I can tell, the operator doesn’t allow us to carry over all the settings we have in our current chart—especially for the subcharts (ClickHouse and ZooKeeper).

I noticed that in the documentation, “Community Edition (Helm…” is marked as “deprecated)” Are you planning to discontinue further development of this deployment option (and focus solely on the operator)? Or do you perhaps need help in continuing the development of this option?

@def
Copy link
Member

def commented Jan 16, 2025

@MemberIT we’d love to support the Helm chart, but we’ve encountered some issues with it, such as the inability to resize PVs, as well as difficulties upgrading ClickHouse or Prometheus. Using an operator allows us to control each component more effectively, with direct access to the specs from code

@apetruhin apetruhin merged commit 2348250 into coroot:main Jan 23, 2025
@MemberIT MemberIT deleted the coroot_add_init_containers branch January 24, 2025 11:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@apetruhin apetruhin Awaiting requested review from apetruhin

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@MemberIT @def @apetruhin