
feat: Allow arbitrary podSpec in migration-job and crd-install jobs for operator chart#1288

Open
localleon wants to merge 3 commits into redpanda-data:main from localleon:podspec


@localleon

Closes #1287

This extends the Redpanda Operator Helm chart to allow configurable security contexts and other pod spec settings for pre-install CRD job and post-upgrade migration job hooks via new top-level values fields.

Values Configuration

  1. Customize the CRD pre-install hook Job's pod spec (securityContext, tolerations, nodeSelector, etc.)
  2. Customize the post-upgrade migration hook Job's pod spec

Implementation Details

  • Added CRDs.PodTemplate and MigrationJob.PodTemplate structs to values.go
  • Updated pre_install_crd_job.go and post_upgrade_migration_job.go to apply StrategicMergePatch when overrides are provided
  • Merged via StrategicMergePatch semantics on top of chart-managed defaults
  • Only the spec field is merged (not metadata) to avoid nil pointer issues when users provide spec-only overrides

```yaml
crds:
  enabled: true
  podTemplate:
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 65532
      containers:
        - name: crd-installation
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true

migrationJob:
  podTemplate:
    spec:
      securityContext:
        runAsNonRoot: true
      tolerations:
        - key: workload
          operator: Equal
          value: batch
          effect: NoSchedule
```

I've regenerated the charts using the taskfile and performed manual validation (helm template), if the rendering is successful with both jobs!
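
Added example, not part of the original PR description or the chart's code: a simplified Python model of the merge described above, applied to the `crds.podTemplate` override, with a check that the container-level hardening actually reached the chart's container. The default spec, the placeholder image, the misspelled name and the rule that an unmatched container name is appended (as Kubernetes strategic merge patch does) are assumptions.

```python
# Simplified model of strategic-merge semantics for a pod spec: dicts merge key
# by key, "containers" merges entries by name, other lists and scalars are replaced.
def merge(base, patch):
    out = dict(base)
    for key, pv in patch.items():
        bv = out.get(key)
        if isinstance(bv, dict) and isinstance(pv, dict):
            out[key] = merge(bv, pv)
        elif key == "containers" and isinstance(bv, list) and isinstance(pv, list):
            out[key] = merge_by_name(bv, pv)
        else:
            out[key] = pv
    return out

def merge_by_name(base, patch):
    out = list(base)
    for p in patch:
        for i, c in enumerate(out):
            if c.get("name") == p.get("name"):
                out[i] = merge(c, p)
                break
        else:
            out.append(p)  # assumption: unmatched name becomes an extra container
    return out

def unhardened(spec):
    """Names of containers whose effective securityContext lacks the hardening."""
    return [c["name"] for c in spec.get("containers", [])
            if c.get("securityContext", {}).get("allowPrivilegeEscalation") is not False
            or c.get("securityContext", {}).get("readOnlyRootFilesystem") is not True]

# Constructed stand-in for the chart-managed default (image and args are placeholders).
DEFAULT_SPEC = {"restartPolicy": "OnFailure", "containers": [
    {"name": "crd-installation", "image": "registry.example/operator:placeholder",
     "args": ["crd"]}]}

# The crds.podTemplate.spec override from the PR description.
OVERRIDE = {"securityContext": {"runAsNonRoot": True, "runAsUser": 65532},
            "containers": [{"name": "crd-installation", "securityContext": {
                "allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True}}]}

# Constructed mistake: the same override with a misspelled container name.
TYPO = dict(OVERRIDE, containers=[dict(OVERRIDE["containers"][0], name="crd-install")])

if __name__ == "__main__":
    print("override as written:", unhardened(merge(DEFAULT_SPEC, OVERRIDE)))
    print("misspelled name:    ", unhardened(merge(DEFAULT_SPEC, TYPO)))
```

The same audit can be run over the output of `helm template` once the Job manifests are parsed into dictionaries.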

@CLAassistant

CLAassistant commented Mar 9, 2026

CLA assistant check
All committers have signed the CLA.

@github-actions

This PR is stale because it has been open 5 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions github-actions bot added the stale label Mar 15, 2026
@localleon
Author

Dear all, would you be so kind and review the PR?

Thanks in advance!

@github-actions github-actions bot removed the stale label Mar 18, 2026
@github-actions

This PR is stale because it has been open 5 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions github-actions bot added the stale label Mar 24, 2026
@localleon
Author

Still there :-)

@github-actions github-actions bot removed the stale label Mar 25, 2026
@github-actions

This PR is stale because it has been open 5 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions github-actions bot added the stale label Mar 30, 2026
@localleon
Author

@andrewstucki @ivotron @RafalKorepta @hidalgopl @david-yu would anyone of you please be so kind and take a look at the PR?

Thanks in advance!

@redpanda-data redpanda-data deleted a comment from CLAassistant Apr 2, 2026
@github-actions github-actions bot removed the stale label Apr 3, 2026
@github-actions

github-actions bot commented Apr 9, 2026

This PR is stale because it has been open 5 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions github-actions bot added the stale label Apr 9, 2026
@localleon
Author

Still here ;-)

@andrewstucki
Contributor

Hi @localleon -- been quite busy with a number of other things so haven't had too much time to look at this. At minimum one of us will have to close and re-open this as a local-to-this-repo branch as that's the only way CI will run. That said, I'm generally fine with this idea since we have the ability to merge in arbitrary pod spec to actual brokers today, so why not the migration/CRD jobs? But just need to discuss internally whether this is something we want to support. Thanks for the contribution and we'll get back about it soon!

@andrewstucki andrewstucki removed the stale label Apr 9, 2026
@localleon
Author

Thanks for the response @andrewstucki! If there's anything to do, let me know!

@github-actions

This PR is stale because it has been open 5 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions github-actions bot added the stale label Apr 16, 2026

Successfully merging this pull request may close these issues.

Unable to set securityContext for crd-installation Job via values; operatorSecurityContext appears unused/deprecated
