mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-12-24 10:07:21 +02:00
Add documentation on Kubernetes securityContext (#2822)
The new docs explain how to use the recently introduced kubernetes backend option to set the security context for pipeline steps. See #2550 --------- Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
This commit is contained in:
parent
3adb98b287
commit
18cef15da4
@ -157,6 +157,45 @@ steps:
|
|||||||
[...]
|
[...]
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### `securityContext`
|
||||||
|
|
||||||
|
Use the following configuration to set the `securityContext` for the pod/container running a given pipeline step:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
steps:
|
||||||
|
test:
|
||||||
|
image: alpine
|
||||||
|
commands:
|
||||||
|
- echo Hello world
|
||||||
|
backend_options:
|
||||||
|
kubernetes:
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 999
|
||||||
|
runAsGroup: 999
|
||||||
|
privileged: true
|
||||||
|
[...]
|
||||||
|
```
|
||||||
|
|
||||||
|
Note that the `backend_options.kubernetes.securityContext` object allows you to set both pod and container level security context options in one object.
|
||||||
|
By default, the properties will be set at the pod level. Properties that are only supported on the container level will be set there instead. So, the
|
||||||
|
configuration shown above will result in something like the following pod spec:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
kind: Pod
|
||||||
|
spec:
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 999
|
||||||
|
runAsGroup: 999
|
||||||
|
containers:
|
||||||
|
- name: wp-01hcd83q7be5ymh89k5accn3k6-0-step-0
|
||||||
|
image: alpine
|
||||||
|
securityContext:
|
||||||
|
privileged: true
|
||||||
|
[...]
|
||||||
|
```
|
||||||
|
|
||||||
|
See the [kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for more information on using `securityContext`.
|
||||||
|
|
||||||
## Tips and tricks
|
## Tips and tricks
|
||||||
|
|
||||||
### CRI-O
|
### CRI-O
|
||||||
|
Loading…
Reference in New Issue
Block a user