1
0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2024-12-24 10:07:21 +02:00

Add documentation on Kubernetes securityContext (#2822)

The new docs explain how to use the recently introduced kubernetes
backend option to set the security context for pipeline steps.

See #2550

---------

Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
This commit is contained in:
Dominic 2023-11-25 23:50:12 -08:00 committed by GitHub
parent 3adb98b287
commit 18cef15da4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -157,6 +157,45 @@ steps:
[...]
```
### `securityContext`
Use the following configuration to set the `securityContext` for the pod/container running a given pipeline step:
```yaml
steps:
test:
image: alpine
commands:
- echo Hello world
backend_options:
kubernetes:
securityContext:
runAsUser: 999
runAsGroup: 999
privileged: true
[...]
```
Note that the `backend_options.kubernetes.securityContext` object allows you to set both pod and container level security context options in one object.
By default, the properties will be set at the pod level. Properties that are only supported on the container level will be set there instead. So, the
configuration shown above will result in something like the following pod spec:
```yaml
kind: Pod
spec:
securityContext:
runAsUser: 999
runAsGroup: 999
containers:
- name: wp-01hcd83q7be5ymh89k5accn3k6-0-step-0
image: alpine
securityContext:
privileged: true
[...]
```
See the [kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for more information on using `securityContext`.
## Tips and tricks
### CRI-O