feat(helm): add pod securityContext and enhanced probe configuration support #19020

Open
wants to merge 2 commits into
base: main
38 changes: 38 additions & 0 deletions helm/coder/values.yaml
@@ -116,6 +116,18 @@ coder:
# coder.serviceAccount.disableCreate -- Whether to create the service account or use existing service account.
disableCreate: false

# coder.podSecurityContext -- Fields related to the pod's security context.
# This allows setting pod-level security context such as fsGroup for proper
# file permissions when mounting volumes with certificates or other sensitive data.
# Example:
# podSecurityContext:
# fsGroup: 1000
# runAsNonRoot: true
# runAsUser: 1000
# runAsGroup: 1000
podSecurityContext: {}


# coder.securityContext -- Fields related to the container's security
# context (as opposed to the pod). Some fields are also present in the pod
# security context, in which case these values will take precedence.
@@ -211,12 +223,38 @@ coder:
# coder.readinessProbe.initialDelaySeconds -- Number of seconds after the container
# has started before readiness probes are initiated.
initialDelaySeconds: 0
# coder.readinessProbe.periodSeconds -- How often (in seconds) to perform the probe.
# Default to 10 seconds. Minimum value is 1.
# periodSeconds: 10
# coder.readinessProbe.timeoutSeconds -- Number of seconds after which the probe times out.
# Defaults to 1 second. Minimum value is 1.
# timeoutSeconds: 1
# coder.readinessProbe.successThreshold -- Minimum consecutive successes for the probe
# to be considered successful after having failed. Defaults to 1.
# Must be 1 for liveness and startup. Minimum value is 1.
# successThreshold: 1
# coder.readinessProbe.failureThreshold -- Minimum consecutive failures for the probe
# to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
# failureThreshold: 3

# coder.livenessProbe -- Liveness probe configuration for the Coder container.
livenessProbe:
# coder.livenessProbe.initialDelaySeconds -- Number of seconds after the container
# has started before liveness probes are initiated.
initialDelaySeconds: 0
# coder.livenessProbe.periodSeconds -- How often (in seconds) to perform the probe.
# Default to 10 seconds. Minimum value is 1.
# periodSeconds: 10
# coder.livenessProbe.timeoutSeconds -- Number of seconds after which the probe times out.
# Defaults to 1 second. Minimum value is 1.
# timeoutSeconds: 1
# coder.livenessProbe.successThreshold -- Minimum consecutive successes for the probe
# to be considered successful after having failed. Defaults to 1.
# Must be 1 for liveness and startup. Minimum value is 1.
# successThreshold: 1
# coder.livenessProbe.failureThreshold -- Minimum consecutive failures for the probe
# to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
# failureThreshold: 3

# coder.certs -- CA bundles to mount inside the Coder pod.
certs:
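Review bot: The example under `coder.podSecurityContext` lists `runAsNonRoot`, `runAsUser` and `runAsGroup` next to `fsGroup` without saying that the first three also exist at container level, and the `coder.securityContext` comment directly below states that container values take precedence. If the chart's default `coder.securityContext` sets those fields (its defaults are not visible in this hunk), an operator who tightens them only here will see no change on the Coder container. I would extend the comment with a line such as `# Fields also set in coder.securityContext (e.g. runAsUser) are overridden by it for the Coder container; fsGroup is pod-only and always applies.` The hunk also leaves two blank lines after `podSecurityContext: {}` where the surrounding lines use one.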
44 changes: 44 additions & 0 deletions helm/libcoder/templates/_coder.yaml
@@ -31,6 +31,10 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.coder.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
terminationGracePeriodSeconds: 60
{{- with .Values.coder.affinity }}
affinity:
@@ -79,6 +83,46 @@ resources:
lifecycle:
{{- toYaml .Values.coder.lifecycle | nindent 2 }}
securityContext: {{ toYaml .Values.coder.securityContext | nindent 2 }}
{{- if .Values.coder.readinessProbe }}
readinessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: {{ .Values.coder.readinessProbe.initialDelaySeconds }}
{{- if hasKey .Values.coder.readinessProbe "periodSeconds" }}
periodSeconds: {{ .Values.coder.readinessProbe.periodSeconds }}
{{- end }}
{{- if hasKey .Values.coder.readinessProbe "timeoutSeconds" }}
timeoutSeconds: {{ .Values.coder.readinessProbe.timeoutSeconds }}
{{- end }}
{{- if hasKey .Values.coder.readinessProbe "successThreshold" }}
successThreshold: {{ .Values.coder.readinessProbe.successThreshold }}
{{- end }}
{{- if hasKey .Values.coder.readinessProbe "failureThreshold" }}
failureThreshold: {{ .Values.coder.readinessProbe.failureThreshold }}
{{- end }}
{{- end }}
{{- if .Values.coder.livenessProbe }}
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: {{ .Values.coder.livenessProbe.initialDelaySeconds }}
{{- if hasKey .Values.coder.livenessProbe "periodSeconds" }}
periodSeconds: {{ .Values.coder.livenessProbe.periodSeconds }}
{{- end }}
{{- if hasKey .Values.coder.livenessProbe "timeoutSeconds" }}
timeoutSeconds: {{ .Values.coder.livenessProbe.timeoutSeconds }}
{{- end }}
{{- if hasKey .Values.coder.livenessProbe "successThreshold" }}
successThreshold: {{ .Values.coder.livenessProbe.successThreshold }}
{{- end }}
{{- if hasKey .Values.coder.livenessProbe "failureThreshold" }}
failureThreshold: {{ .Values.coder.livenessProbe.failureThreshold }}
{{- end }}
{{- end }}
{{ include "coder.volumeMounts" . }}
{{- end -}}
{{- define "libcoder.containerspec" -}}
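Review bot: The `livenessProbe` block renders a user-supplied `successThreshold` (the `hasKey .Values.coder.livenessProbe "successThreshold"` branch), yet the comment this PR adds in `helm/coder/values.yaml` says the value must be 1 for liveness probes, so any other setting yields a Deployment the API server rejects at install time. I would drop that branch from `livenessProbe`, together with the `coder.livenessProbe.successThreshold` entry in values.yaml, or stop rendering with `{{- fail "coder.livenessProbe.successThreshold must be 1" }}` when the value differs. Both probes also hard-code `port: 8080` and `scheme: HTTP`; if the listen port or TLS is configurable elsewhere in the chart (not visible in this hunk), the probes would check the wrong endpoint and healthy pods could be restarted. The enclosing template definition starts above the hunk.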