Add allowed images and services restrictions to Kubernetes executor (!840) · Merge requests · GitLab.org / gitlab-runner

Vicky Chijwani requested to merge vickyc/gitlab-runner:2893-allowed-images-k8s-executor into master Feb 18, 2018

What does this MR do?

Adds the allowed_images and allowed_services features of the Docker executor to the Kubernetes executor as well.

Why was this MR needed?

For security reasons, developers at my company can only run pre-approved Docker images in Kubernetes. This change will allow us to restrict Runner images on k8s for this purpose.

Are there points in the code the reviewer needs to double check?

I've pulled out the VerifyAllowedImages function into AbstractExecutor - let me know if it should go elsewhere.

Does this MR meet the acceptance criteria?

Documentation created/updated
Tests
- Added for this feature/bug
- All builds are passing
Branch has no merge conflicts with master (if you do - rebase it please)

What are the relevant issue numbers?

Closes #2893 (closed)

Edited Apr 05, 2018 by Vicky Chijwani

Admin message

Add allowed images and services restrictions to Kubernetes executor

What does this MR do?

Why was this MR needed?

Are there points in the code the reviewer needs to double check?

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

Merge request reports