-
Notifications
You must be signed in to change notification settings - Fork 211
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Specify the user and group to be executed for kwokctl exec #677
Conversation
✅ Deploy Preview for k8s-kwok canceled.
|
d784d5c
to
e97540f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's not create users, but use existing ones
securityContext:
runAsUser: <*int64>
runAsGroup: <*int64>
e97540f
to
203e6cf
Compare
@wzshiming If we specify user by securityContext.runAsUser(uid and gid only), we may not be able to specify username and group name, should we use uid and gid in User struct instead?
|
Yes, Creating users and groups can cause some damage and is very risky, so don't let kwok get involved. |
820f446
to
1b47b8b
Compare
@wzshiming in this case, do we need to implement pod securityContext.runAsUser functionality as well(pod is also virtual in kwok, securityContext.runAsUser in pod spec doesn't work as expected in kwok)? |
We define our own, which has only two fields. type SecurityContext struct {
RunAsUser *int64 `json:"runAsUser,omitempty"`
RunAsGroup *int64 `json:"runAsGroup,omitempty"`
} |
1b47b8b
to
d2ad1f3
Compare
97c0afd
to
7a178cf
Compare
364d57c
to
bb28cea
Compare
9f57d24
to
c9b0e4e
Compare
c9b0e4e
to
be6c55c
Compare
be6c55c
to
3e8f034
Compare
45ea261
to
d39747e
Compare
d39747e
to
cf87f10
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: lianghao208, wzshiming The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What type of PR is this?
/kind feature
/kind api-change
What this PR does / why we need it:
ref: #660
Which issue(s) this PR fixes:
Fixes #660
Special notes for your reviewer:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: