Add Option to Configure Container securityContext (!697) · Merge requests · GitLab.org / Cloud Native / GitLab Operator

Patrick Omland requested to merge omland-94/gitlab-operator:container-security-context into master Oct 10, 2023

What does this MR do?

This MR adds the ability to Configure Container SecurityContext, this is necessary for hardened Kubernetes Clusters. See Sample inside the values.yaml

containerSecurityContext:
  enabled: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ["ALL"]
  runAsUser: 1001
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault

I can't run any Pipelines here, and I also have no Google Cloud Account to create a OpenShift / Kubernetes Cluster.

Checklist

Required

Merge Request Title and Description are up to date, accurate, and descriptive
MR targeting the appropriate branch
MR has a green pipeline on GitLab.com
When ready for review, MR is labeled "~workflow::ready for review" per the Distribution MR workflow

Expected (please provide an explanation if not completing)

Test plan indicating conditions for success has been posted and passes
Documentation created/updated
Tests added
Integration tests added to GitLab QA
Equivalent MR/issue for omnibus-gitlab opened
Validate potential values for new configuration settings. Formats such as integer 10, duration 10s, URI scheme://user:passwd@host:port may require quotation or other special handling when rendered in a template and written to a configuration file.

Related issues

Closes #1396 (closed)

Edited Oct 13, 2023 by Clemens Beck

Add Option to Configure Container securityContext

What does this MR do?

Checklist

Required

Expected (please provide an explanation if not completing)

Related issues

Merge request reports