Add kubernetes runners allowPrivilegeEscalation security context configuration (#26998) · Issues · GitLab.org / gitlab-runner

Add kubernetes runners allowPrivilegeEscalation security context configuration

Description

Provide the capability to configure the allowPrivilegeEscalation security context for the runner instances started on a kubernetes cluster that has OPA enabled:

ERROR: Job failed (system failure): prepare environment: admission webhook "validation.gatekeeper.sh" denied the request: [denied by psp-allow-privilege-escalation-container] Privilege escalation container is not allowed: build
[denied by psp-allow-privilege-escalation-container] Privilege escalation container is not allowed: helper. Check https://docs.gitlab.com/runner/shells/index.html#shell-profile-loading for more information

Proposal

Add new configuration option allow-privilege-escalation for runners.kubernetes that allow the user to specify the expected security context for the runner contianers.

Links to related issues and merge requests / references

MR !2430 (merged)

Edited Sep 23, 2020 by Horatiu Eugen Vlad