mirrors/woodpecker
1
0
Fork 0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2024-11-26 11:51:02 +00:00
Code Issues Projects Releases Wiki Activity

Add documentation on Kubernetes securityContext (#2822)

Browse source 
The new docs explain how to use the recently introduced kubernetes
backend option to set the security context for pipeline steps.

See #2550

---------

Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
This commit is contained in:
Dominic 2023-11-25 23:50:12 -08:00 committed by GitHub
parent 3adb98b287
commit 18cef15da4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 39 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
docs/docs/30-administration/22-backends/40-kubernetes.md
View file

@ -157,6 +157,45 @@ steps:
[...]
```
### `securityContext`
Use the following configuration to set the `securityContext` for the pod/container running a given pipeline step:
```yaml
steps:
test:
image: alpine
commands:
- echo Hello world
backend_options:
kubernetes:
securityContext:
runAsUser: 999
runAsGroup: 999
privileged: true
[...]
```
Note that the `backend_options.kubernetes.securityContext` object allows you to set both pod and container level security context options in one object.
By default, the properties will be set at the pod level. Properties that are only supported on the container level will be set there instead. So, the
configuration shown above will result in something like the following pod spec:
```yaml
kind: Pod
spec:
securityContext:
runAsUser: 999
runAsGroup: 999
containers:
- name: wp-01hcd83q7be5ymh89k5accn3k6-0-step-0
image: alpine
securityContext:
privileged: true
[...]
```
See the [kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for more information on using `securityContext`.
## Tips and tricks
### CRI-O