-
Notifications
You must be signed in to change notification settings - Fork 479
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(operations/helm) add support for extraObjects #6213
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you describe a couple of use cases where this could be useful?
This has come up in the past, but I'd like for us to pinpoint some real-world problems this is solving before introducing it simply because other charts do the same.
IMHO, this might be a footgun to users. How do we debug issues arising from people reusing values.yaml files they found online, or how do we deal with security concerns around having random objects reuse the agent's RBAC resources?
In my case, I'd like to deploy the agent to forward Prometheus metrics to an endpoint via basic auth using a configuration that mounts the password from a volume on the pod. I do see this chart already provides a way to mount extra volumes, but I'm using secrets-store-csi-driver-provider-aws to fetch a secret from AWS and mount it into a volume. I'm hoping to define the SecretProviderClass that will know how to retrieve my AWS secret as part of the agent installation itself so that one operation installs a totally working agent in my cluster. I'm deploying the agent into multiple clusters via Cluster API so it takes some workarounds to provide extra configuration to Helm installs that isn't provided via their charts. I'll associate the service account to an AWS IAM role with an explicit list of permissions. That said I understand your security concerns. With this change, the user needs to understand and be responsible for what they're deploying with extraObjects. I sympathize that this complicates debugging if users are copy-paste deploying things they find online. |
A more straight forward example could be the ability to deploy an additional config map or secret to use with the |
@tpaschalis If there's little desire for this feature, I won't argue strongly otherwise. I've worked around it on my end. I appreciate your time looking at this regardless! |
Hey there, apologies for the belated response. For the time being, I'd like to hold off on this and reconsider if some other use case with no workaround. |
This PR has not had any activity in the past 30 days, so the |
@tpaschalis The simplest use case I have is this: |
PR Description
Adds support for an
extraObjects
field in chart values to add additional manifests with chart installation.Which issue(s) this PR fixes
Notes to the Reviewer
Following the model used by many charts including other Grafana ones to deploy extra objects with the chart. Thanks for your time!
PR Checklist