On Kubernetes environments with strict securityContext policies, the builder and demomode pods cannot start
Describe the bug
On Kubernetes environments with strict securityContext policies, the builder and demomode pods cannot start. Currently, the builder takes the specs from the builder yaml in the configuration, but it does not also take the container specs, where some securityContext policies are defined. Also, the demomode pod takes the specs from the deployment.jkube.yaml, but only partially, leaving out the securityContext.
More information inside the discussion item: https://github.com/apache/camel-karavan/discussions/1364
Steps to reproduce the behavior
- Add securityContext elements to the builder and demomode pods
- Run them, and check the yaml of the k8s files
- The securityContext is not taken from the configuration
Variant
Web Application
Container Management (if applicable)
Kubernetes
Operating System (if applicable)
None
Version
4.8.0
Relevant log output
No response
I will assign it to myself and extend the code to also take the securityContext specs into consideration.
How are you planning to achieve that?
I see 2 options to do it:
- To extend the current code to also take the securityContext specs specifically (like currently done with the env specs).
- Or to initialize the pod specs with the full builder / deployment specs and overwrite only the minimum needed when creating the pods. So, here we don't take the securityContext specifically, but if it is defined, it will be taken automatically. I tend more toward this solution, as it allows future extensibility of the specs, beyond the securityContext. What do you think? Or do you see a third option?
The first option would be secure to implement, because much of the logic in creating the build container code is conditional. Implementing a full builder specification might require a lot of users to upgrade.
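The two options discussed in this thread, sketched on plain dicts as an added example (not Karavan's code), together with a check that reports where a generated pod spec lost the template's securityContext. The template values and all function names are assumptions made for illustration.

```python
import copy

# Constructed sample template spec; values are illustrative, not Karavan's real configuration.
TEMPLATE_SPEC = {
    "serviceAccountName": "builder-sa",
    "securityContext": {"runAsNonRoot": True, "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{
        "name": "template",
        "image": "example/builder:1.0",
        "env": [{"name": "EXAMPLE", "value": "1"}],
        "securityContext": {"allowPrivilegeEscalation": False,
                            "capabilities": {"drop": ["ALL"]}},
    }],
}

def build_env_only(template, name, command):
    """Behaviour reported in the issue: only selected fields (here env) are copied."""
    src = template["containers"][0]
    return {"containers": [{"name": name, "image": src["image"], "command": command,
                            "env": copy.deepcopy(src.get("env", []))}]}

def build_copy_security_context(template, name, command):
    """Option 1: also copy the pod- and container-level securityContext explicitly."""
    spec = build_env_only(template, name, command)
    if "securityContext" in template:
        spec["securityContext"] = copy.deepcopy(template["securityContext"])
    src = template["containers"][0]
    if "securityContext" in src:
        spec["containers"][0]["securityContext"] = copy.deepcopy(src["securityContext"])
    return spec

def build_from_full_spec(template, name, command):
    """Option 2: start from the full spec and override only what the pod needs."""
    spec = copy.deepcopy(template)
    spec["containers"][0].update({"name": name, "command": command})
    return spec

def dropped_security_context(template, generated):
    """Levels where the template sets a securityContext that the generated spec lost or changed."""
    pairs = {"pod": (template, generated),
             "container": (template["containers"][0], generated["containers"][0])}
    return [level for level, (want, got) in pairs.items()
            if "securityContext" in want and got.get("securityContext") != want["securityContext"]]

if __name__ == "__main__":
    for build in (build_env_only, build_copy_security_context, build_from_full_spec):
        spec = build(TEMPLATE_SPEC, "builder", ["/bin/sh", "-c", "build"])
        print(build.__name__, dropped_security_context(TEMPLATE_SPEC, spec), sorted(spec))
```

Both options keep the securityContext; only the full-spec variant also carries over fields nobody listed explicitly, such as `serviceAccountName` here.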