Closed devopserio closed 5 months ago
/kind feature
Thank you for your thorough and detailed feature request. We welcome any community contribution to help develop this feature, but we will also consult internally if this is a feature we want to put on the roadmap.
/assign
Delivered in v2.8.0
Summary
Currently, our Helm charts lack the capability to specify a custom runtimeClassName in the values.yaml file. This limitation restricts us from leveraging alternative container runtimes like gVisor and Kata Containers, which provide enhanced isolation and security features. Integrating these runtimes can significantly bolster our security posture, especially for workloads requiring stringent security measures.
Feature Request
I propose the addition of a runtimeClassName parameter in the values.yaml file of our Helm charts. This enhancement will enable users to specify a custom runtime class for their pods, thus allowing the use of gVisor, Kata Containers, or any other compatible container runtime that requires a runtime class.
Implementation Suggestion
Benefits
Enhanced Security: By allowing the use of gVisor and Kata Containers, users can take advantage of stronger isolation and security features for sensitive workloads.
Flexibility: Users gain the ability to choose the most appropriate runtime for their specific use case, whether it be for enhanced security, compliance, or performance reasons.
Ease of Use: Integrating this feature directly into the values.yaml file simplifies the process of configuring alternative runtimes, making it accessible to users with minimal Kubernetes expertise.
Conclusion
The addition of the runtimeClassName parameter would be a valuable enhancement to our Helm charts, providing users with the flexibility and tools necessary to secure their applications effectively. I look forward to the community's feedback and any discussions regarding the potential implementation of this feature.
Thank you for considering this feature request.
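
One way the requested parameter could be wired into a chart, as an added example that is not part of the original issue or the project's actual chart. The values key layout, the template file name, the image, and the `gvisor` class name with its `runsc` handler are assumptions for illustration.

```yaml
# values.yaml (hypothetical layout; the project's real values file is not shown here)
# Empty string: the field is omitted and pods use the cluster's default runtime.
runtimeClassName: ""        # set to e.g. "gvisor" to opt in

---
# templates/deployment.yaml (hypothetical file name)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app: {{ .Release.Name }}
    spec:
      # Render the field only when a value is supplied, so existing
      # installs that never set it produce an unchanged manifest.
      {{- with .Values.runtimeClassName }}
      runtimeClassName: {{ . | quote }}
      {{- end }}
      containers:
        - name: app
          image: registry.example/app:1.0   # placeholder image

---
# Cluster-scoped object the pod's runtimeClassName refers to. It is created by
# the cluster administrator, not by the chart. The handler name must match a
# runtime configured in the node's CRI (assumed here: gVisor's runsc).
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: gvisor
handler: runsc
```

Rendering with `helm template . --set runtimeClassName=gvisor` and checking that `runtimeClassName: "gvisor"` appears under the pod spec confirms the wiring before anything is deployed.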