Skip to content

[kube-state-metrics]: add option to set user namespaces #6024

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
+7 −1
Open

[kube-state-metrics]: add option to set user namespaces #6024

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
08c5e1c
[kube-state-metrics]: add option to set user namespaces
KyriosGN0 Aug 7, 2025
14c9725
[kube-state-metrics]: consistently use / in probes path (#6048)
yellowhat Aug 26, 2025
cfb8990
[kube-state-metrics]: bump chart version
KyriosGN0 Sep 6, 2025
581409d
revert changes
KyriosGN0 Sep 6, 2025
5a65af3
Merge branch 'main' into ksm-user-ns
dacamposol Sep 23, 2025
8477a98
bump chart version
KyriosGN0 Sep 23, 2025
b216d1c
use ternary operator to show error if none bool value are used
KyriosGN0 Oct 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion charts/kube-state-metrics/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ keywords:
- prometheus
- kubernetes
type: application
version: 6.4.0
version: 6.5.0
# renovate: github-releases=kubernetes/kube-state-metrics
appVersion: 2.17.0
home: https://github.com/kubernetes/kube-state-metrics/
Expand Down
3 changes: 3 additions & 0 deletions charts/kube-state-metrics/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,9 @@ spec:
{{ toYaml .Values.podAnnotations | nindent 8 }}
{{- end }}
spec:
{{- if and (semverCompare ">=1.33-0" .Capabilities.KubeVersion.Version) (kindIs "bool" .Values.hostUsers) }}
hostUsers: {{ .Values.hostUsers }}
{{- end }}
Copy link
Contributor

@dacamposol dacamposol Sep 23, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd prefer to avoid no-op rendering. Current implementation would only apply the field if the value is a boolean, but Helm will render nothing if it's not, which may be difficult to debug.

I would recommend something more idiomatic, like:

Suggested change
{{- if and (semverCompare ">=1.33-0" .Capabilities.KubeVersion.Version) (kindIs "bool" .Values.hostUsers) }}
hostUsers: {{ .Values.hostUsers }}
{{- end }}
{{- if and (semverCompare ">=1.33-0" .Capabilities.KubeVersion.Version) (not (empty .Values.hostUsers)) }}
hostUsers: {{ ternary "true" "false" .Values.hostUsers }}
{{- end }}

This would skip rendering when the key is missing or explicitly nil, it would not silently fail when the key has any value, but it would still enforce the value of the flag to hold a boolean value.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dacamposol, I see, this makes a lot of sense, i applied this recommendation

automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
hostNetwork: {{ .Values.hostNetwork }}
serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }}
Expand Down
3 changes: 3 additions & 0 deletions charts/kube-state-metrics/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,9 @@ extraArgs: []
# If false then the user will opt out of automounting API credentials.
automountServiceAccountToken: true

# -- Use the host's user namespace available in kubernetes 1.33+.
hostUsers: nil
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why nil and not false by default?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

to allow users to opt-in into setting this value, since its a new field in beta not all k8s distribution support it by default


service:
port: 8080
# Default to clusterIP for backward compatibility
Expand Down