
Kubernetes executor container security context

Georgi N. Georgiev requested to merge kubernetes-container-security-context into main

What does this MR do?

Allows specifying security context for build, helper and service containers that overrides the pod security context, capAdd/capDrop and allowPrivilegeEscalation settings.

Why was this MR needed?

Finish !1507 (closed)

What's the best way to test this MR?

Set up a config.toml by following the documentation from this MR. E.g. setting run_as_user on the pod_security_context and helper_security_context should result in the pod and container having the two different values; in other words, container-specific settings should always override pod-specific settings. The same goes for capAdd/capDrop and allowPrivilegeEscalation.

Also, there are a lot of tests which should cover this functionality well enough without the need for manual testing.

What are the relevant issue numbers?

Closes #4518 (closed)

Edited by Georgi N. Georgiev
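
The manual check described above can be done on the created pod's manifest. The following is an added example, not code from this MR or from GitLab Runner: it resolves the UID each container runs as, with a container-level runAsUser taking precedence over the pod-level one. The sample manifest, the UIDs, the container names "build" and "helper", and the function name are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of the Kubernetes Pod schema needed for the check.
type secCtx struct {
	RunAsUser *int64 `json:"runAsUser"`
}

type pod struct {
	Spec struct {
		SecurityContext *secCtx `json:"securityContext"`
		Containers      []struct {
			Name            string  `json:"name"`
			SecurityContext *secCtx `json:"securityContext"`
		} `json:"containers"`
	} `json:"spec"`
}

// Constructed sample, shaped like `kubectl get pod <name> -o json` output.
const samplePod = `{"spec":{"securityContext":{"runAsUser":1000},"containers":[
 {"name":"build"},
 {"name":"helper","securityContext":{"runAsUser":2000}}]}}`

// EffectiveRunAsUser maps each container name to the UID it runs as:
// the container-level value if set, else the pod-level value, else -1
// (nothing set, so the image default applies).
func EffectiveRunAsUser(manifest string) (map[string]int64, error) {
	var p pod
	if err := json.Unmarshal([]byte(manifest), &p); err != nil {
		return nil, err
	}
	out := map[string]int64{}
	for _, c := range p.Spec.Containers {
		uid := int64(-1)
		if s := p.Spec.SecurityContext; s != nil && s.RunAsUser != nil {
			uid = *s.RunAsUser // pod-level default
		}
		if s := c.SecurityContext; s != nil && s.RunAsUser != nil {
			uid = *s.RunAsUser // container-level override wins
		}
		out[c.Name] = uid
	}
	return out, nil
}

func main() { fmt.Println(EffectiveRunAsUser(samplePod)) }
```

A container whose resolved UID equals the pod-level value even though a container-level run_as_user was configured indicates that the override was not applied.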
