Add support to configure SecurityContext/allowPrivilegeEscalation for the deployed containers #512
github-actions bot added the status/need-triage label (Team needs to triage and take a first look) on Dec 6, 2022
corneil changed the title from "Add support to configure SecurityContext/allowPrivilegeEscalation for the deployed Streams and Tasks" to "Add support to configure SecurityContext/allowPrivilegeEscalation for the deployed containers" on Dec 7, 2022
We will need to add ContainerSecurityContext to InitContainer and ensure that the creation of the init container uses the properties.
onobc added a commit to onobc/spring-cloud-deployer-kubernetes that referenced this issue on Feb 7, 2023

* Add context to additional containers
* Add all available config props on security contexts

Co-authored-by: asinrus <arkadii_osheev@mail.ru>

See spring-cloud/spring-cloud-dataflow#5184
See spring-cloud#512
corneil pushed a commit that referenced this issue on Feb 9, 2023

* Add security context to init containers
* Add context to additional containers
* Add all available config props on security contexts

Co-authored-by: asinrus <arkadii_osheev@mail.ru>

See spring-cloud/spring-cloud-dataflow#5184
See #512

* Renamed nested class to end w/ "IT" to avoid unit testing
Closed via de4ed59
Description
Related Issue in spring cloud data flow project: issue created in dataflow project for the same
Note: I believe the code fix is probably in this project, so I am adding/linking it here to get attention.
Require that the Stream and Task pods created by the deploy process have the capability to control the controller level securityContext/allowPrivilegeEscalation attribute.
The resulting deployment creates the securityContext/allowPrivilegeEscalation for the container sections. However, it does not create the securityContext for the initContainers that are created for the "log" sink application, which has a deployment count of 3. As part of that, the App is "scaled" deployed with an initContainer that does not have the securityContext.
The security policy stops all deployments that do not have securityContext/allowPrivilegeEscalation: false, and that is causing this stream deployment to fail with this error message:
Steps to reproduce:
Please let me know if you need more information.
Additional information:
spring-cloud-deployer-kubernetes/src/main/java/org/springframework/cloud/deployer/spi/kubernetes/KubernetesAppDeployer.java
Line 314 in e6f4b23
spring-cloud-deployer-kubernetes/src/main/java/org/springframework/cloud/deployer/spi/kubernetes/KubernetesAppDeployer.java
Lines 491 to 506 in e6f4b23
Should the initContainer need something like this that is done for the container section:
spring-cloud-deployer-kubernetes/src/main/java/org/springframework/cloud/deployer/spi/kubernetes/AbstractKubernetesDeployer.java
Lines 256 to 259 in e6f4b23