Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 3.4.0.GA
Affects Version/s: None
Component/s: Team A: Dashboard, devfile and plugin registries, open-vsx, operator + chectl/dsc, devfile-converter, configbump + traefik, image-puller, server, gateway, authentication, try-in-web-ide action, telemetry
Labels:
- Customer1

Blocked:
False
Blocked Reason:
None
Ready:
False

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Following the instructions from this PR it's possible to run workspace Pod using a specific SCC.

That works fine until the workspace service account doesn't have any other SCC with same/higher priority.

Adding an SCC to workspaces SA is not enough, we need to explicitly list the required capabilities in the workspace Pod spec. I am not sure what's the best approach:

automatically extracting the capabilities from the SCC
requesting users to specify the capabilities in the DevWorkspace (with the new spec.pods?)

links to

eclipse-che/che-operator#1608: Cherry-pick commits from #1576 & #1565 & #1606 to 7.58.x

Specify the workspace Pods securityContext (SETGID and SETUID) when developers have container build capabilities

The SCC specified in a DevWorkspace attributes is not used (an SCC with higher priority is picked)

Assignee:: Ilya Buziuk

Reporter:: Martha Benitez

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2022/09/27 2:51 PM

Updated:: 2023/01/30 10:02 AM

Resolved:: 2023/01/26 10:33 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates