Add Option to Configure Container securityContext
What does this MR do?
This MR adds the ability to Configure Container SecurityContext, this is necessary for hardened Kubernetes Clusters. See Sample inside the values.yaml
containerSecurityContext:
enabled: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
runAsUser: 1001
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
I can't run any Pipelines here, and I also have no Google Cloud Account to create a OpenShift / Kubernetes Cluster.
Checklist
Required
-
Merge Request Title and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com -
When ready for review, MR is labeled "~workflow::ready for review" per the Distribution MR workflow
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes -
Documentation created/updated -
Tests added -
Integration tests added to GitLab QA -
Equivalent MR/issue for omnibus-gitlab opened -
Validate potential values for new configuration settings. Formats such as integer 10
, duration10s
, URIscheme://user:passwd@host:port
may require quotation or other special handling when rendered in a template and written to a configuration file.
Related issues
Closes #1396 (closed)
Edited by Clemens Beck