Automatically manage the container-build SCC if containerBuildCapabilities are enabled #21764

Closed
l0rd opened this issue Oct 13, 2022 · 3 comments
Labels
area/che-operator Issues and PRs related to Eclipse Che Kubernetes Operator area/dashboard area/devworkspace-operator kind/enhancement A feature request - must adhere to the feature request template. kind/epic A long-lived, PM-driven feature request. Must include a checklist of items that must be completed. severity/P1 Has a major impact to usage or development of the system.

Comments


l0rd commented Oct 13, 2022

Is your enhancement related to a problem? Please describe

As mentioned in this blog post, to allow container build capabilities in workspaces, admins and users have to go through some extra steps. Those steps are manual, not documented, and error-prone.

Describe the solution you'd like

Che should

Once those are completed, we should change the default of disableContainerBuildCapabilities to false (today the default is true):

spec:
  devEnvironments:
    disableContainerBuildCapabilities: false # initially the default is `true`
    containerBuildConfiguration:
      openShiftSecurityContextConstraint: 'container-build'
      containerOverrides: {"securityContext":{"capabilities":{"add": ["SETGID", "SETUID"]}}}
      podOverrides: {"spec": {"securityContext": {"allowPrivilegeEscalation": false}}}

tolusha commented Jan 9, 2023

@l0rd
Can we close this one?


l0rd commented Jan 9, 2023

@tolusha yes

@l0rd l0rd closed this as completed Jan 9, 2023