Closed CasperGN closed 6 months ago
Hi, thanks for your comments.
Looking in the Kubernetes docs, my understanding is "The security settings that you specify for a Pod apply to all Containers in the Pod."
Currently Kubegres allows configuring the security context at pod level. This should apply to the containers too.
Are you suggesting that you would like to also be able to define a security context for a container, which can be different from the security context which applies to the pod?
Hi @alex-arica,
There's a difference in the spec of a SecurityContext and the PodSecurityContext:
SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
The PodSecurityContext is lacking some of the options required by Pod Security Standards enforced on the latest version which is:
I've made the Pull Request #178 which implements the above.
ok, I am going to review the changes and keep you posted
Closing after merge of the PR.
Changes available with Kubegres 1.18
Referencing #52 I understand that the intention was to allow for running with the following labels on the namespace level:
However, this requires further securityContext settings than just the PodSecurityContext; it requires the ContainerSecurityContext as well. For us to be able to run in a namespace with the above labels we have the following deployment.yaml:
Above cut slim for simplicity.
By allowing the kubegres object to input to spec.containers.securityContext we'd be able to run on enforced Pod Security Standards. An example of an input file could look as follows:
If I can have a pointer on where to look at implementing I wouldn't mind taking a stab at implementing this over the weekend.
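The difference discussed in this thread, as an added example that is not Kubegres code and not part of the original issue: a small Python check that merges pod-level and container-level securityContext the way Kubernetes does (container values override pod values) and reports which of four "restricted" Pod Security Standard requirements each container misses. The two pod specs are constructed samples, and the check covers only these four fields, not the full standard.

```python
# Added example: field names are real Kubernetes securityContext fields;
# the sample pod specs below are constructed.

# Fields that exist in both PodSecurityContext and the container SecurityContext.
SHARED_FIELDS = ("runAsNonRoot", "runAsUser", "seccompProfile")

def effective_context(pod_sc, container_sc):
    """Pod-level values are defaults; container-level values override them."""
    merged = {k: pod_sc[k] for k in SHARED_FIELDS if k in pod_sc}
    merged.update(container_sc)
    return merged

def restricted_violations(pod_spec):
    """Return (container, field) pairs that miss the four checked requirements."""
    pod_sc = pod_spec.get("securityContext") or {}
    found = []
    containers = pod_spec.get("initContainers", []) + pod_spec.get("containers", [])
    for c in containers:
        sc = effective_context(pod_sc, c.get("securityContext") or {})
        caps = sc.get("capabilities") or {}
        if sc.get("runAsNonRoot") is not True:
            found.append((c["name"], "runAsNonRoot"))
        if (sc.get("seccompProfile") or {}).get("type") not in ("RuntimeDefault", "Localhost"):
            found.append((c["name"], "seccompProfile.type"))
        # The next two fields have no pod-level equivalent.
        if sc.get("allowPrivilegeEscalation") is not False:
            found.append((c["name"], "allowPrivilegeEscalation"))
        if "ALL" not in (caps.get("drop") or []):
            found.append((c["name"], "capabilities.drop"))
    return found

POD_LEVEL_ONLY = {
    "securityContext": {"runAsNonRoot": True, "fsGroup": 999,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "postgres"}],
}
WITH_CONTAINER_CONTEXT = {
    "securityContext": POD_LEVEL_ONLY["securityContext"],
    "containers": [{"name": "postgres", "securityContext": {
        "allowPrivilegeEscalation": False, "capabilities": {"drop": ["ALL"]}}}],
}

if __name__ == "__main__":
    print(restricted_violations(POD_LEVEL_ONLY))
    print(restricted_violations(WITH_CONTAINER_CONTEXT))
```

With only the pod-level context set, the container still misses the two container-only fields; adding them at container level clears the check.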