Skip to content

charts: Permit setting hostUsers for deployment #4371

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jcpunk wants to merge 1 commit into
base: main
Choose a base branch
from
Open

charts: Permit setting hostUsers for deployment #4371

jcpunk wants to merge 1 commit into from
+161 −0

Conversation

@jcpunk
Copy link
Contributor

@jcpunk jcpunk commented Jan 16, 2026
edited
Loading

Summary

Adds a flag for folks to opt into user namespaces.

Changes

  • Added flag to values.yaml and deployment.yaml

Steps to Test

  1. render chart, get current kubernetes default
  2. change hostUsers
  3. render chart, get new value

Notes for the Reviewer

https://kubernetes.io/docs/concepts/workloads/pods/user-namespaces/

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jan 16, 2026
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Jan 16, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: jcpunk
Once this PR has been reviewed and has the lgtm label, please assign sniok for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jan 16, 2026
@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jan 16, 2026
@illume illume requested a review from Copilot January 17, 2026 01:05
Copilot AI reviewed Jan 17, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request adds support for configuring the Kubernetes hostUsers field in Headlamp pod specifications, allowing users to opt into user namespace isolation for enhanced security. The default value of true maintains backward compatibility by keeping the current behavior (user namespaces disabled).

Changes:

  • Added hostUsers configuration flag to values.yaml with a default value of true
  • Updated deployment template to include the hostUsers field in the pod spec
  • Updated all 19 test expected output files to include the new hostUsers field

Reviewed changes

Copilot reviewed 21 out of 21 changed files in this pull request and generated 2 comments.

File Description
charts/headlamp/values.yaml Adds new hostUsers configuration field with default value of true and minimal documentation
charts/headlamp/templates/deployment.yaml Incorporates hostUsers value from configuration into pod spec
charts/headlamp/tests/expected_templates/*.yaml Updates all test expected outputs to include hostUsers: true in pod specs

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@jcpunk jcpunk force-pushed the hostUsers branch 2 times, most recently from c8ba436 to 1b3df72 Compare January 20, 2026 14:46
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jan 20, 2026
@jcpunk
Copy link
Contributor Author

jcpunk commented Jan 20, 2026

In theory, copilot's review has been addressed.

@illume illume requested a review from Copilot February 1, 2026 17:04
illume
illume requested changes Feb 1, 2026
View reviewed changes
Copy link
Contributor

@illume illume left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please add some docs for this to the charts/README.md ?

I'm wondering what the impact will be on existing users of the charts?

Copilot AI reviewed Feb 1, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 23 out of 23 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@jcpunk
Copy link
Contributor Author

jcpunk commented Feb 2, 2026

I've updated the documentation. Since it defaults to the current kubernetes default setting, I don't think existing users will notice any change. It will start letting folks opt-in to user namespaces.

@illume
Copy link
Contributor

illume commented Feb 2, 2026

@jcpunk thanks for that. Are you able to see about the github check failure?

make helm-template-test

@illume illume added this to the v0.40.0 milestone Feb 2, 2026
@jcpunk
Copy link
Contributor Author

jcpunk commented Feb 2, 2026

perhaps that is better

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@illume illume illume requested changes

@skoeva skoeva Awaiting requested review from skoeva

@vyncent-t vyncent-t Awaiting requested review from vyncent-t

Assignees

No one assigned

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

v0.40.0

Development

Successfully merging this pull request may close these issues.

3 participants

@jcpunk @k8s-ci-robot @illume