Support allowList for podSpec for the Kubernetes executor
What does this MR do?
For this first implementation only the merge
and strategic
patch type are supported. More work is needed to identify the best way to support the json
patch type. The job will therefore fail if a json
patch type is provided.
To introduce support for named PodSpecs
in the gitlab-ci.yaml
for the Kubernetes executor, we need a method for administrators to configure which PodSpec properties are customizable. This MR introduces validation using JSON schema
to enforce this configuration.
The validation primarily targets the PodSpecs provided via gitlab-ci.yaml
, and the job will fail if an unauthorized property is set in any of them. Currently, only the merge
and strategic
patch types are supported. Further work is required to determine the best approach for supporting the json
patch type, and the job will fail if a json
patch type is provided.
Why was this MR needed?
It is a necessary step to implement the feature in the issue gitlab#396361
What's the best way to test this MR?
Unit Tests