Pod security context2 #5794
Codecov Report
@@ Coverage Diff @@
## master #5794 +/- ##
==========================================
+ Coverage 43.80% 43.82% +0.01%
==========================================
Files 215 215
Lines 9166 9167 +1
Branches 112 112
==========================================
+ Hits 4015 4017 +2
+ Misses 4885 4884 -1
Partials 266 266
72f1d34 to ccd9c1c
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: floreks, marcosdiez
The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
It turns out both pods and containers can have their own security context.
To make things worse, although the container one has priority, they only share a few of the properties.
I actually spent some time thinking about how to make the UI less confusing, despite the reality.
This is what I came up with:
On the code level, I did something that is either very smart or very dumb depending on the point of view:
The backend just exposes the info. So nothing special here.
On the frontend, we now have 3 similar objects:
So although the Pod does expose PodSecurityContext and the container does expose ContainerSecurityContext, the security context list interprets it as PodContainerMergedSecurityContext and plots it accordingly.
As always, @floreks, please be the judge.
By the way I never explicitly had the chance to thank you for thoughtfully reviewing every single PR of mine and even going to the extra work of rewriting them when needed. Thank you. Really!
Here is a minimalist example of a yaml to test this:
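Added example (not part of this PR or the dashboard's code): a sketch of the precedence the description relies on, where a container-level value overrides the pod-level one for the fields both contexts share. Field names are from the Kubernetes core/v1 API and cover only a subset of them; the type and function names are hypothetical.

```typescript
// Added example. Field names follow the Kubernetes core/v1 API; the type and
// function names are hypothetical and are not the dashboard's own code.
interface SharedFields {
  runAsUser?: number;
  runAsGroup?: number;
  runAsNonRoot?: boolean;
}
interface PodSC extends SharedFields {
  fsGroup?: number;
  supplementalGroups?: number[];
}
interface ContainerSC extends SharedFields {
  privileged?: boolean;
  allowPrivilegeEscalation?: boolean;
  readOnlyRootFilesystem?: boolean;
}
type EffectiveSC = PodSC & ContainerSC;

// Container value wins when it is set. Compare against undefined, not
// truthiness: runAsUser 0 (root) and runAsNonRoot false are real overrides.
function prefer<T>(containerValue: T | undefined, podValue: T | undefined): T | undefined {
  return containerValue !== undefined ? containerValue : podValue;
}

function effectiveSecurityContext(pod: PodSC = {}, container: ContainerSC = {}): EffectiveSC {
  return {
    ...pod, // pod-only fields (fsGroup, supplementalGroups) pass through
    ...container, // container-only fields (privileged, ...) pass through
    runAsUser: prefer(container.runAsUser, pod.runAsUser),
    runAsGroup: prefer(container.runAsGroup, pod.runAsGroup),
    runAsNonRoot: prefer(container.runAsNonRoot, pod.runAsNonRoot),
  };
}

// True when nothing in the merged context rules out UID 0 at runtime.
function mayRunAsRoot(sc: EffectiveSC): boolean {
  if (sc.runAsUser !== undefined) return sc.runAsUser === 0;
  return sc.runAsNonRoot !== true; // UID then comes from the image
}

// Constructed sample: one pod-level context, two containers.
const podSC: PodSC = { runAsUser: 1000, runAsNonRoot: true, fsGroup: 2000 };
const appSC: ContainerSC = { readOnlyRootFilesystem: true };
const debugSC: ContainerSC = { runAsUser: 0, runAsNonRoot: false, privileged: true };
const containers: { name: string; sc: ContainerSC }[] = [
  { name: 'app', sc: appSC }, { name: 'debug', sc: debugSC },
];
for (const { name, sc } of containers) {
  const eff = effectiveSecurityContext(podSC, sc);
  console.log(name, JSON.stringify(eff), 'mayRunAsRoot =', mayRunAsRoot(eff));
}
```

The `debug` container shows why a merged view matters when reviewing a workload: the pod-level `runAsUser: 1000` looks safe on its own, but the container-level `0` is what takes effect.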