Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

How to specify securityContext

See original GitHub issue

The k8s cluster I deploy to has a pod security policy, and requires that the Argo workflows have the following, top-level securityContext:

apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  generateName: main-
spec:
  securityContext:
     fsGroup: 2000
     runAsNonRoot: true
     runAsUser: 1000
...

How can I specify that via couler? I couldn’t find anything in the docs.

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:5 (5 by maintainers)

github_iconTop GitHub Comments

1reaction
merlintangcommented, Apr 30, 2021

yes it is.

On Fri, Apr 30, 2021 at 11:58 AM kodeninja @.***> wrote:

Right, this applies at the workflow level.

Is this a good PR for reference: #195 https://github.com/couler-proj/couler/pull/195?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/couler-proj/couler/issues/200#issuecomment-829787583, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAK5R6PL25F4E23D77MNQUTTLITETANCNFSM433EVPGA .

1reaction
merlintangcommented, Apr 30, 2021

actually, we do not support security context at the right moment, please send a PR if you are interested.

On Fri, Apr 30, 2021 at 10:31 AM kodeninja @.***> wrote:

The k8s cluster I deploy to has a pod security policy, and requires that the Argo workflows have the following, top-level securityContext:

apiVersion: argoproj.io/v1alpha1kind: Workflowmetadata: generateName: main-spec: securityContext: fsGroup: 2000 runAsNonRoot: true runAsUser: 1000 …

How can I specify that via couler? I couldn’t find anything in the docs.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/couler-proj/couler/issues/200, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAK5R6PGD6WUXGZVZXVHCM3TLIJBVANCNFSM433EVPGA .

Read more comments on GitHub >

github_iconTop Results From Across the Web

Configure a Security Context for a Pod or Container
A security context defines privilege and access control settings for a Pod or Container. Security context settings include, ...
Read more >
Managing Security Context Constraints | Cluster Administration
Security context constraints allow administrators to control permissions for pods. To learn more about this API type, see the security context constraints (SCCs) ......
Read more >
How to manage service accounts and security context ...
Learn how to configure service account access restrictions and security context constraints (SCCs) to control permissions for pods.
Read more >
10 Kubernetes Security Context settings you should understand
In this cheatsheet, we will take a look at the various securityContext settings, explore what they mean and how you should use them....
Read more >
Tutorial: Use SCCs to restrict and empower OpenShift workloads
An administrator assigns a security context constraint (SCC) to the service account that grants the requested access. The SCC can be assigned ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

How to use it with React FontAwesome component?

Next page

Move argo-workflows to optional dependency