From 20b8795c525e98d1095323ebc95c3eebba400401 Mon Sep 17 00:00:00 2001
From: Sondre Helstrup <61873694+sondre-helstrup@users.noreply.github.com>
Date: Tue, 9 Sep 2025 16:31:41 +0200
Subject: [PATCH] feat: Add ability to set hostUsers on Pods

---
 docs/content/docs/advanced-topics/helm-deployment.md | 1 +
 src/helm/blue-agent/templates/_helpers.tpl           | 3 +++
 src/helm/blue-agent/values.yaml                      | 5 +++++
 3 files changed, 9 insertions(+)

diff --git a/docs/content/docs/advanced-topics/helm-deployment.md b/docs/content/docs/advanced-topics/helm-deployment.md
index 20a62984..cc385637 100644
--- a/docs/content/docs/advanced-topics/helm-deployment.md
+++ b/docs/content/docs/advanced-topics/helm-deployment.md
@@ -23,6 +23,7 @@ Helm is a package manager for Kubernetes, allowing to easily deploy applications
 | `extraVolumeMounts`                      | Additional volume mounts for the agent container                                                                                                                                                                                                                                                        | `[]`                                                                                                                                                            |
 | `extraVolumes`                           | Additional volumes for the agent pod                                                                                                                                                                                                                                                                    | `[]`                                                                                                                                                            |
 | `fullnameOverride`                       | Overrides release fullname                                                                                                                                                                                                                                                                              | `""`                                                                                                                                                            |
+| `hostUsers`                              | Use the host's [user namespace](https://kubernetes.io/docs/concepts/workloads/pods/user-namespaces/). This field is available starting with Kubernetes 1.27. If unset, Kubernetes defaults to true.                                                                                                     | _None_                                                                                                                                                          |
 | `image.flavor`                           | Container image tag, can be `bookworm`, `jammy`, `noble`, `ubi8`, `ubi9`, `win-ltsc2022`, or `win-ltsc2025`                                                                                                                                                                                             | `bookworm`                                                                                                                                                      |
 | `image.isWindows`                        | Turn on is the agent is a Windows-based system                                                                                                                                                                                                                                                          | `false`                                                                                                                                                         |
 | `image.pullPolicy`                       | Container image pull policy                                                                                                                                                                                                                                                                             | `IfNotPresent`                                                                                                                                                  |
diff --git a/src/helm/blue-agent/templates/_helpers.tpl b/src/helm/blue-agent/templates/_helpers.tpl
index 262f2f69..70dc1aca 100644
--- a/src/helm/blue-agent/templates/_helpers.tpl
+++ b/src/helm/blue-agent/templates/_helpers.tpl
@@ -139,6 +139,9 @@ initContainers:
 {{- end }}
 terminationGracePeriodSeconds: {{ .Values.pipelines.timeout | int | required "A value for .Values.pipelines.timeout is required" }}
 restartPolicy: {{ .Args.restartPolicy }}
+{{- with .Values.hostUsers }}
+hostUsers: {{ . }}
+{{- end }}
 containers:
   {{- if .Values.sidecarContainers -}}
   {{- toYaml .Values.sidecarContainers | trim | nindent 2 }}
diff --git a/src/helm/blue-agent/values.yaml b/src/helm/blue-agent/values.yaml
index 5ec0e7a0..2210174a 100644
--- a/src/helm/blue-agent/values.yaml
+++ b/src/helm/blue-agent/values.yaml
@@ -138,6 +138,11 @@ tolerations: []
 # Pod affinity configuration
 affinity: {}
 
+# Use the host's user namespace.
+# This field is available starting with Kubernetes 1.27.
+# If unset, Kubernetes defaults to true.
+hostUsers: null
+
 # Number of revisions to keep in the history of the Deployment
 revisionHistoryLimit: 10