Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kubernetes support of SecurityContext configuration #24089

Merged
merged 1 commit into from
Mar 21, 2022
Merged

Kubernetes support of SecurityContext configuration #24089

merged 1 commit into from
Mar 21, 2022

Conversation

Sgitario
Copy link
Contributor

@Sgitario Sgitario commented Mar 4, 2022

Allow to configure the security context section in the pods for Kubernetes, OpenShift and Knative.

Fix #23866

@Sgitario
feat: Kubernetes support of SecurityContext configuration
d3a366b 
Allow to configure the security context section in the pods for Kubernetes, OpenShift and Knative.

Fix quarkusio#23866
@quarkus-bot
Copy link

quarkus-bot bot commented Mar 4, 2022

Thanks for your pull request!

The title of your pull request does not follow our editorial rules. Could you have a look?

  • title should preferably start with an uppercase character (if it makes sense!)
  • title should not start with chore/docs/feat/fix/refactor but be a proper sentence

This message is automatically generated by a bot.

Sgitario
Sgitario commented Mar 4, 2022
View reviewed changes
...anilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/KubernetesCommonHelper.java
@@ -317,6 +317,10 @@
result.add(new DecoratorBuildItem(target, new ApplyRequestsMemoryDecorator(name, m)));
});

if (config.getSecurityContext().isAnyPropertySet()) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a hack ... But I tried to make the security context optional (which it is, so it makes sense), but the configuration does not deal well with having a complex and nested configuration with optional. Concretely, if I use Optional instead of the hack isAnyPropertySet, it fails with:

java.lang.RuntimeException: java.lang.RuntimeException: java.lang.IllegalArgumentException: Can not set io.quarkus.kubernetes.deployment.SecurityContextConfig$WindowsOptions field io.quarkus.kubernetes.deployment.SecurityContextConfig.windowsOptions to java.util.Optional

This is related to #7862, which was recently closed with a workaround, but not to really give support of optional configuration groups.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From my point of view this is clear as it communicates the intention and there is no room for interpretations.
Going the Optional way it would be unclear how default values are meant to be handled.
So, +1 for this.

@Sgitario
Copy link
Contributor Author

Sgitario commented Mar 4, 2022

/cc @geoand @iocanel @iompo

@geoand geoand requested a review from iocanel March 4, 2022 07:17
@Sgitario Sgitario changed the title feat: Kubernetes support of SecurityContext configuration Kubernetes support of SecurityContext configuration Mar 4, 2022
iocanel
iocanel requested changes Mar 8, 2022
View reviewed changes
Copy link
Contributor

@iocanel iocanel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would also like to have test coverage for the default options.

Generally speaking, I am wondering if we should have defaults assertions in a reusable form as a way to capture cases were the default behavior is broken, which is something that occurs quite often lately.

@Sgitario
Copy link
Contributor Author

Sgitario commented Mar 8, 2022

I would also like to have test coverage for the default options.

Generally speaking, I am wondering if we should have defaults assertions in a reusable form as a way to capture cases were the default behavior is broken, which is something that occurs quite often lately.

By default, it won't add any security context-related configuration. This is already asserted in https://github.com/quarkusio/quarkus/pull/24089/files#diff-fcb7320608f71deafa5b1645553e8779d1ed22f1f3a667b025e6f003d9214142R78.

@Sgitario Sgitario requested a review from iocanel March 8, 2022 09:14
iocanel
iocanel approved these changes Mar 21, 2022
View reviewed changes
Copy link
Contributor

@iocanel iocanel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@gsmet gsmet merged commit 5bad76e into quarkusio:main Mar 21, 2022
@quarkus-bot quarkus-bot bot added this to the 2.8 - main milestone Mar 21, 2022
@quarkus-bot quarkus-bot bot added the kind/enhancement New feature or request label Mar 21, 2022
@Sgitario Sgitario deleted the feat_k8s_security_context branch March 22, 2022 05:57
@Sgitario Sgitario mentioned this pull request Oct 9, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iocanel iocanel iocanel approved these changes

Assignees
No one assigned
Labels
area/documentation area/kubernetes kind/enhancement New feature or request
Projects
None yet
Milestone
2.8.0.CR1
Development

Successfully merging this pull request may close these issues.

define securityContext properties for kubernetes in Quarkus application.properties
3 participants
@Sgitario @iocanel @gsmet