feat(dockerExecute): Infer Kubernetes securityContext from dockerOptions #4557
/it
If I understand the PR correctly, we introduce a new step-level configuration at the container level to have `securityContext`, which will then be passed to `dockerExecute` -> `dockerExecuteOnKubernetes`.

As an example:

```yaml
cnbBuild:
  containers:
    securityContext:
```

However, this configuration is Jenkins-specific, since it's related to `dockerExecuteOnKubernetes`, and will confuse end users who might add the same configuration and expect it to run on Azure / GitHub Actions.

Rather than that, we can have a common solution, since we already have the possibility to provide the user / group via the `dockerOptions`. `dockerExecute` is aware of `dockerOptions`, and we can choose security-context-related metadata and pass it to `dockerExecuteOnKubernetes`, since `securityContext` is a parameter for `dockerExecuteOnKubernetes`.

This will simplify the location of adding root users and will be a common solution for Jenkins / GitHub Actions / Azure task.

For example, in the Azure task we already pass the `dockerOptions` to the underlying Azure task, and we could do the same for Jenkins as well, i.e.:

- Decide (pick and choose only security context related params) the security context related parameters here
- and pass the selected security context when calling `dockerExecuteOnKubernetes` here
But why would this be any less confusing? Most of the
@anilkeshav27 could you please review the PR? We implemented changes as requested.
Thanks, looks good so far 👍
/it
Co-authored-by: Ralf Pannemans <[email protected]>
Co-authored-by: Johannes Dillmann <[email protected]>
Co-authored-by: Pavel Busko <[email protected]>

Co-authored-by: Ralf Pannemans <[email protected]>
Co-authored-by: Pavel Busko <[email protected]>
/it
lgtm to me, we could run only the Go integration test with `/it-go`,
@anilkeshav27 the Go integration tests seem to be fine and a review from you and/or @CCFenner is all I can see that's missing.
Thanks @anilkeshav27 and @CCFenner. Are you going to do the merge?
Kudos, SonarCloud Quality Gate passed!
/it-go
…ons (SAP#4557)
* Allow running as different user on Kubernetes
Co-authored-by: Ralf Pannemans <[email protected]>
Co-authored-by: Johannes Dillmann <[email protected]>
Co-authored-by: Pavel Busko <[email protected]>
* infer securityContext from dockerOptions
Co-authored-by: Ralf Pannemans <[email protected]>
Co-authored-by: Pavel Busko <[email protected]>
* verify --user flag value
---------
Co-authored-by: Johannes Dillmann <[email protected]>
Co-authored-by: Ralf Pannemans <[email protected]>
Co-authored-by: Anil Keshav <[email protected]>
Changes
The `dockerExecute` step will take `securityContext` relevant arguments from `dockerOptions` and pass it to the `dockerExecuteOnKubernetes`
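
The inference and the `--user` value check described in this PR can be illustrated with the following Go example, which is added here and is not code from this PR or the project. The function name `InferSecurityContext`, the returned map shape, and the sample options are assumptions; only docker's `-u`/`--user` flag and the Kubernetes `runAsUser`/`runAsGroup` fields are real.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// InferSecurityContext (hypothetical name) scans docker options for -u/--user
// ("uid" or "uid:gid") and returns the matching Kubernetes securityContext
// fields, or nil if the option is absent. Only numeric ids pass: docker --user
// also takes names, but runAsUser/runAsGroup are integers. Last occurrence wins.
func InferSecurityContext(opts []string) (map[string]int64, error) {
	tokens := strings.Fields(strings.Join(opts, " ")) // an entry may hold "flag value"
	keys := []string{"runAsUser", "runAsGroup"}
	var sc map[string]int64
	for i := 0; i < len(tokens); i++ {
		var val string
		switch t := tokens[i]; {
		case t == "-u" || t == "--user":
			if i++; i < len(tokens) {
				val = tokens[i]
			}
		case strings.HasPrefix(t, "--user="):
			val = strings.TrimPrefix(t, "--user=")
		default:
			continue
		}
		sc = map[string]int64{}
		for j, part := range strings.SplitN(val, ":", 2) {
			id, err := strconv.ParseUint(part, 10, 32)
			if err != nil {
				return nil, fmt.Errorf("--user part %q is not a numeric id", part)
			}
			sc[keys[j]] = int64(id)
		}
	}
	return sc, nil
}

func main() {
	// Constructed sample options, not taken from the PR.
	for _, opts := range [][]string{{"--env FOO=bar", "--user 1000:2000"}, {"-u", "root"}} {
		sc, err := InferSecurityContext(opts)
		fmt.Println(sc, err)
	}
}
```

Rejecting names such as `root` rather than guessing a uid keeps the pod from silently running as a different user than the one the docker option requested.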