Support allowList for podSpec for the Kubernetes executor

Romuald Atchadé requested to merge k8s-allow-pod-spec into main

What does this MR do?

For this first implementation, only the merge and strategic patch types are supported. More work is needed to identify the best way to support the json patch type. The job will therefore fail if a json patch type is provided.

To introduce support for named PodSpecs in the gitlab-ci.yaml for the Kubernetes executor, we need a method for administrators to configure which PodSpec properties are customizable. This MR introduces validation using JSON schema to enforce this configuration.

The validation primarily targets the PodSpecs provided via gitlab-ci.yaml, and the job will fail if an unauthorized property is set in any of them. Currently, only the merge and strategic patch types are supported. Further work is required to determine the best approach for supporting the json patch type, and the job will fail if a json patch type is provided.

Why was this MR needed?

It is a necessary step to implement the feature in the issue gitlab#396361.

What's the best way to test this MR?

Unit Tests

What are the relevant issue numbers?

gitlab#396361
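The check the description outlines, as an added example that is not code from this MR or from GitLab Runner: a deny-by-default allowlist applied to a job-supplied PodSpec patch, with the json patch type rejected outright. The allowlist shape (a small hand-rolled subset of JSON Schema, standing in for real JSON schema validation), the names `ValidatePatch` and `violations`, and both sample inputs are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed inputs. Allowlist shape is hypothetical (a small JSON Schema subset):
// listed properties may be set; a node without "properties" allows its whole subtree.
const sampleAllowList = `{"properties":{"nodeSelector":{},"containers":{"properties":{"name":{},"resources":{}}}}}`
const samplePatch = `{"hostNetwork":true,"containers":[{"name":"build","securityContext":{"privileged":true}}]}`

// ValidatePatch returns the disallowed property paths; a non-empty list or an error must fail the job.
func ValidatePatch(allowList, patchType string, patch []byte) ([]string, error) {
	if patchType != "merge" && patchType != "strategic" {
		return nil, fmt.Errorf("patch type %q is not supported", patchType)
	}
	var allow, doc map[string]interface{}
	if err := json.Unmarshal([]byte(allowList), &allow); err != nil {
		return nil, fmt.Errorf("invalid allowlist: %w", err)
	}
	if err := json.Unmarshal(patch, &doc); err != nil {
		return nil, fmt.Errorf("invalid patch: %w", err)
	}
	return violations(allow, doc, "podSpec"), nil
}

// violations walks the patch and collects every property the allowlist does not name.
func violations(schema map[string]interface{}, v interface{}, path string) (out []string) {
	props, _ := schema["properties"].(map[string]interface{})
	switch val := v.(type) {
	case map[string]interface{}:
		for key, child := range val {
			sub, ok := props[key].(map[string]interface{})
			if !ok {
				out = append(out, path+"."+key) // not listed: denied by default
			} else if _, nested := sub["properties"]; nested {
				out = append(out, violations(sub, child, path+"."+key)...)
			}
		}
	case []interface{}: // list items are checked against the same schema node
		for _, item := range val {
			out = append(out, violations(schema, item, path+"[]")...)
		}
	}
	return out
}

func main() { fmt.Println(ValidatePatch(sampleAllowList, "strategic", []byte(samplePatch))) }
```

An empty allowlist (`{}`) rejects every property, so a missing or blank administrator configuration fails closed.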