Add overwriting of service account bearer token
This is a general Merge Request template. Consider to choose a template from the list above if it will match your case more.
What does this MR do?
Allows users to specify a Kubernetes service account token in their job variables This token would then be used to create the build pod. This enhances the Kubernetes Executor so that it may launch build pods into other namespaces while maintaining isolation and security among namespaces.
Why was this MR needed?
In conjunction with specifying the namespace users are currently unable to launch build pods into other namespaces without the gitlab-runner running under a service account or user that has super-user permissions. This is unsafe and creates a untenable attack vector.
Are there points in the code the reviewer needs to double check?
Does this MR meet the acceptance criteria?
- Documentation created/updated
- Added for this feature/bug
- All builds are passing
Branch has no merge conflicts with
master(if you do - rebase it please)
What are the relevant issue numbers?
Closes #2881 (closed)