mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-12-24 10:07:21 +02:00
Add documentation on Kubernetes securityContext (#2822)
The new docs explain how to use the recently introduced kubernetes backend option to set the security context for pipeline steps. See #2550 --------- Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
This commit is contained in:
parent
3adb98b287
commit
18cef15da4
@ -157,6 +157,45 @@ steps:
|
||||
[...]
|
||||
```
|
||||
|
||||
### `securityContext`
|
||||
|
||||
Use the following configuration to set the `securityContext` for the pod/container running a given pipeline step:
|
||||
|
||||
```yaml
|
||||
steps:
|
||||
test:
|
||||
image: alpine
|
||||
commands:
|
||||
- echo Hello world
|
||||
backend_options:
|
||||
kubernetes:
|
||||
securityContext:
|
||||
runAsUser: 999
|
||||
runAsGroup: 999
|
||||
privileged: true
|
||||
[...]
|
||||
```
|
||||
|
||||
Note that the `backend_options.kubernetes.securityContext` object allows you to set both pod and container level security context options in one object.
|
||||
By default, the properties will be set at the pod level. Properties that are only supported on the container level will be set there instead. So, the
|
||||
configuration shown above will result in something like the following pod spec:
|
||||
|
||||
```yaml
|
||||
kind: Pod
|
||||
spec:
|
||||
securityContext:
|
||||
runAsUser: 999
|
||||
runAsGroup: 999
|
||||
containers:
|
||||
- name: wp-01hcd83q7be5ymh89k5accn3k6-0-step-0
|
||||
image: alpine
|
||||
securityContext:
|
||||
privileged: true
|
||||
[...]
|
||||
```
|
||||
|
||||
See the [kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for more information on using `securityContext`.
|
||||
|
||||
## Tips and tricks
|
||||
|
||||
### CRI-O
|
||||
|
Loading…
Reference in New Issue
Block a user