From fee72e5c16e9d13c251db0d6d75b9cf3888df1d0 Mon Sep 17 00:00:00 2001
From: Henrik Gerdes
Date: Sat, 24 May 2025 16:18:21 +0200
Subject: [PATCH] feat: allow users to run coredns in usernamespaces
Signed-off-by: Henrik Gerdes
---
 charts/coredns/Chart.yaml | 6 +++---
 charts/coredns/README.md | 3 ++-
 charts/coredns/templates/deployment.yaml | 3 +++
 charts/coredns/values.yaml | 3 +++
 4 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/charts/coredns/Chart.yaml b/charts/coredns/Chart.yaml
index 01f22cf50..83e16c0c8 100644
--- a/charts/coredns/Chart.yaml
+++ b/charts/coredns/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: coredns
-version: 1.45.0
+version: 1.45.1
 appVersion: 1.13.1
 home: https://coredns.io
 icon: https://coredns.io/images/CoreDNS_Colour_Horizontal.png
@@ -19,5 +19,5 @@ maintainers:
 type: application
 annotations:
 artifacthub.io/changes: |
- - kind: changed
- description: Bump to CoreDNS 1.13.1
+ - kind: added
+ description: Add support to run pods in usernamespaces
diff --git a/charts/coredns/README.md b/charts/coredns/README.md
index 3feeb2646..2731c1f2d 100644
--- a/charts/coredns/README.md
+++ b/charts/coredns/README.md
@@ -110,7 +110,7 @@ The command removes all the Kubernetes components associated with the chart and
 | Parameter | Description | Default |
 | :--------------------------------------------- |:------------------------------------------------------------------------------------------------------------------------------------------| :----------------------------------------------------------- |
 | `image.repository` | The image repository to pull from | coredns/coredns |
-| `image.tag` | The image tag to pull from (derived from Chart.yaml) | `` |
+| `image.tag` | The image tag to pull from (derived from Chart.yaml) | `` |
 | `image.pullPolicy` | Image pull policy | IfNotPresent |
 | `image.pullSecrets` | Specify container image pull secrets | `[]` |
 | `replicaCount` | Number of replicas | 1 |
@@ -144,6 +144,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `isClusterService` | Specifies whether chart should be deployed as cluster-service or normal k8s app. | true |
 | `priorityClassName` | Name of Priority Class to assign pods | `""` |
 | `securityContext` | securityContext definition for pods | capabilities.add.NET_BIND_SERVICE |
+| `hostUsers` | Specifies whether to use usernamespaces or not | true |
 | `servers` | Configuration for CoreDNS and plugins | See values.yml |
 | `livenessProbe.enabled` | Enable/disable the Liveness probe | `true` |
 | `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `60` |
diff --git a/charts/coredns/templates/deployment.yaml b/charts/coredns/templates/deployment.yaml
index ad8f32dcd..7a7b891c4 100644
--- a/charts/coredns/templates/deployment.yaml
+++ b/charts/coredns/templates/deployment.yaml
@@ -72,6 +72,9 @@ spec:
 {{- if .Values.isClusterService }}
 dnsPolicy: Default
 {{- end }}
+ {{- if not .Values.hostUsers }}
+ hostUsers: false
+ {{- end }}
 {{- if .Values.affinity }}
 affinity:
 {{ tpl (toYaml .Values.affinity) $ | indent 8 }}
diff --git a/charts/coredns/values.yaml b/charts/coredns/values.yaml
index 9f05dbad6..6099cbe77 100644
--- a/charts/coredns/values.yaml
+++ b/charts/coredns/values.yaml
@@ -102,6 +102,9 @@ securityContext:
 - ALL
 readOnlyRootFilesystem: true
+# Uses users of the host system. If set to false uses usernamespaces. Requires Kubernetes >= 1.33
+hostUsers: true
+
 # Default zone is what Kubernetes recommends:
 # https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#coredns-configmap-options
 servers:
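Review bot: The new `hostUsers: false` branch in templates/deployment.yaml renders on any cluster version, although values.yaml says the setting needs Kubernetes >= 1.33. As far as I know, an API server that does not have user-namespace support enabled drops the field rather than rejecting the pod, so CoreDNS would keep running in the host user namespace while the values suggest it is isolated. A guard inside the new `if` would make that visible at render time, e.g. `{{- if semverCompare "<1.33-0" .Capabilities.KubeVersion.Version }}{{ fail "hostUsers=false requires Kubernetes >= 1.33" }}{{- end }}`; clusters that turn the feature gate on in older releases would then need an opt-out. The pod spec continues outside the hunk, so any interaction with other pod-level settings is not visible here.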
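Review bot: The comment above `hostUsers: true` in values.yaml does not tell an operator what is needed before switching it off. I would write `# Run pods in the host user namespace (default). Set to false to give the pod its own user namespace;` followed by `# needs Kubernetes >= 1.33 and node support (container runtime and kernel idmapped mounts).` Because the template tests `not .Values.hostUsers`, an override such as `hostUsers: null` or an empty string also renders `hostUsers: false`, so the comment should say that only the booleans are meant, or the template should compare against `false` explicitly.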