vCluster - Create fully functional virtual Kubernetes clusters - Each vcluster runs inside a namespace of the underlying k8s cluster. It's cheaper than creating separate full-blown clusters and it offers better multi-tenancy and isolation than regular namespaces.
We have a PR #188 landing with support for setting the securityContext on the vcluster containers,
but while testing it I noticed that securityContext.readOnlyRootFilesystem cannot be set to true with the current implementation.
We are writing a vcluster kube config into the container filesystem, and that fails with readOnlyRootFilesystem=true.
The fix might be as simple as adding an emptyDir volume for this purpose, or saving the file into the path where the PV is mounted, but it just needs a little bit more thought and testing, which I didn't have time for when implementing #188.
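
A sketch of the emptyDir option mentioned above, as an added example that is not taken from the vcluster chart or from PR #188. The pod name, container name, image, volume name and mount path are placeholders, and it assumes the process can be pointed at that path when it writes the kube config.

```yaml
# Added example. All names and paths below are placeholders, not vcluster values.
apiVersion: v1
kind: Pod
metadata:
  name: example-vcluster-pod                 # placeholder
spec:
  containers:
    - name: example-container                # placeholder
      image: example.invalid/image:placeholder
      securityContext:
        # Root filesystem is mounted read-only; writes outside a volume fail.
        readOnlyRootFilesystem: true
      volumeMounts:
        # The only writable location: a scratch directory for the generated kube config.
        - name: kubeconfig-scratch
          mountPath: /PLACEHOLDER/kubeconfig-dir
  volumes:
    - name: kubeconfig-scratch
      emptyDir:
        medium: Memory     # tmpfs, so the credential is not written to node disk
        sizeLimit: 1Mi     # a kube config is small; cap the scratch space
```

An emptyDir is recreated empty when the pod is rescheduled, so the kube config has to be regenerated at startup; writing it under the PV mount instead keeps it across restarts. With `medium: Memory` the volume's contents count against the container's memory limit.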