Kubernetes executor container security context (!3116) · Merge requests · GitLab.org / gitlab-runner

Georgi N. Georgiev requested to merge kubernetes-container-security-context into main Aug 27, 2021

What does this MR do?

Allows specifying security context for build, helper and service containers that overrides the pod security context, capAdd/capDrop and allowPrivilegeEscalation settings.

Why was this MR needed?

Finish !1507 (closed)

What's the best way to test this MR?

Setup a config.toml by following the documentation from this MR. E.g. Setting run_as_user on the pod_security_context and helper_security_context should result in the pod and container having the two different values, in other words, container specific settings should always override pod specific settings. The same goes for capAdd/capDrop and allowPrivilegeEscalation.

Also there are a lot of tests which should cover this functionality well enough without the need of manual testing ✌

What are the relevant issue numbers?

Closes #4518 (closed)

Edited Aug 31, 2021 by Georgi N. Georgiev

Kubernetes executor container security context

What does this MR do?

Why was this MR needed?

What's the best way to test this MR?

What are the relevant issue numbers?

Merge request reports