XML

Word

Printable

Type: Epic
Resolution: Won't Do
Priority: Minor
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Epic Name:
Use Kubernetes user namespaces in build controller
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Color Status:
Not Selected
Epic Status:
Done
Feature Link:
OCPSTRAT-198 - Secure-by-default image builds
Parent Link:
OCPSTRAT-198Secure-by-default image builds

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

Epic Goal

Build controller (BuildConfigs) uses Kubernetes user namespace in order to run OpenShift build pods in the user namespaces

Why is this important?

To enable any authenticated user on OpenShift to run image builds through BuildConfigs without requiring additional privileges (e.g. builder service account) for OpenShift build pods that are not available to all authenticated users and all pods.

Acceptance Criteria

Build pods can run in the user namespace using the Kubernetes user namespaces
Build pods can run with the default service account and the user-namespace-aware equivalent of "restricted" SCC

Assignee:: Nalin Dahyabhai

Reporter:: Siamak Sadeghianfar

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2022/10/20 4:42 PM

Updated:: 2024/04/03 8:29 AM

Resolved:: 2024/03/04 7:56 PM

Details

Description

Epic Goal

Why is this important?

Acceptance Criteria

Attachments

Easy Agile Planning Poker

Activity

People

Dates

PagerDuty