Skip to content

Add ability to pass 'dnsConfig' and 'securityContext' attributes in the 'operator' deployment resource.#2069

Open
mihkelparna1 wants to merge 1 commit intoNVIDIA:mainfrom
mihkelparna1:OperatorAdditionalFields
Open

Add ability to pass 'dnsConfig' and 'securityContext' attributes in the 'operator' deployment resource.#2069
mihkelparna1 wants to merge 1 commit intoNVIDIA:mainfrom
mihkelparna1:OperatorAdditionalFields

Conversation

@mihkelparna1
Copy link
Copy Markdown

@mihkelparna1 mihkelparna1 commented Jan 26, 2026
edited by rajathagasthya
Loading

Fixes #2070

Description

  • Add ability to pass 'dnsConfig' and 'securityContext' attributes in the 'operator' deployment resource.

Checklist

  • No secrets, sensitive information, or unrelated changes
  • Lint checks passing (make lint)
  • Generated assets in-sync (make validate-generated-assets)
  • Go mod artifacts in-sync (make validate-modules)
  • Test cases are added for new code paths

Testing

Tested out by rendering out all options ( Fields set, fields unset, rendering both options )

@copy-pr-bot
Copy link
Copy Markdown

copy-pr-bot Bot commented Jan 26, 2026

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

@mihkelparna1 mihkelparna1 force-pushed the OperatorAdditionalFields branch from 420116b to 62fc72b Compare January 26, 2026 10:40
@mihkelparna1 mihkelparna1 mentioned this pull request Jan 26, 2026
Open
rajathagasthya
rajathagasthya reviewed Feb 2, 2026
View reviewed changes
Comment thread deployments/gpu-operator/templates/operator.yaml Outdated
@rajathagasthya
Copy link
Copy Markdown
Contributor

rajathagasthya commented Feb 2, 2026

/ok-to-test 62fc72b

rajathagasthya
rajathagasthya reviewed Feb 2, 2026
View reviewed changes
Comment thread deployments/gpu-operator/templates/operator.yaml Outdated
@rajathagasthya
Copy link
Copy Markdown
Contributor

rajathagasthya commented Apr 30, 2026

@mihkelparna1 Would you be able to address the review comments so we can get this PR merged soon? Thanks!

@mihkelparna1 @rajathagasthya
Add ability to pass 'dnsConfig' and 'securityContext' attributes in t…
064b47b 
…he 'operator' deployment resource.

Signed-off-by: Mihkel Pärna <mihkel.parna@wise.com>
Signed-off-by: Mihkel Pärna <mihkel.parna@transferwise.com>
@rajathagasthya rajathagasthya force-pushed the OperatorAdditionalFields branch from 62fc72b to 064b47b Compare May 1, 2026 15:36
@rajathagasthya
Copy link
Copy Markdown
Contributor

rajathagasthya commented May 1, 2026

/ok-to-test 064b47b

@rajathagasthya
Copy link
Copy Markdown
Contributor

rajathagasthya commented May 1, 2026

Testing steps

Additive dnsConfig

Adds search domains and a custom nameserver on top of the cluster DNS. dnsPolicy
left empty so it falls back to k8s default (ClusterFirst).

operator:
  dnsConfig:
    nameservers:
      - 1.1.1.1
    searches:
      - corp.example.com
    options:
      - name: ndots
        value: "2"
      - name: timeout
        value: "1"
  securityContext:
    runAsNonRoot: true
    runAsUser: 65532
    runAsGroup: 65532
    fsGroup: 65532
    seccompProfile:
      type: RuntimeDefault

dnsPolicy: None

Forces the pod to ignore cluster DNS entirely. Useful to confirm the new dnsPolicy
template branch works.

operator:
  dnsPolicy: None
  dnsConfig:
    nameservers:
      - 8.8.8.8
      - 8.8.4.4
    searches:
      - svc.cluster.local
      - cluster.local
    options:
      - name: ndots
        value: "5"

@rahulait
Copy link
Copy Markdown
Contributor

rahulait commented May 1, 2026
edited
Loading

Thanks for the PR @mihkelparna1. Is this change required only for gpu-operator deployment? We have a bunch of other operands provisioned by gpu-operator once installed, so they should also get blocked if kyverno/OPA wants them to be set before admitting resources. Are you not seeing them blocked in your case? Trying to make sense as to why only gpu-operator deployment (seen during helm rendering) needs this and not the rest of the operands (rendered later on by gpu-operator pod).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rajathagasthya rajathagasthya rajathagasthya left review comments

@ArangoGutierrez ArangoGutierrez Awaiting requested review from ArangoGutierrez

@cdesiniotis cdesiniotis Awaiting requested review from cdesiniotis cdesiniotis is a code owner

@elezar elezar Awaiting requested review from elezar

@shivamerla shivamerla Awaiting requested review from shivamerla shivamerla is a code owner

@tariq1890 tariq1890 Awaiting requested review from tariq1890 tariq1890 is a code owner

@karthikvetrivel karthikvetrivel Awaiting requested review from karthikvetrivel karthikvetrivel is a code owner

@rahulait rahulait Awaiting requested review from rahulait rahulait is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Feature]: Add ability to set 'dnsConfig' and 'securityContext' values for Operator resource ( Helm )

3 participants

@mihkelparna1 @rajathagasthya @rahulait