How to specify securityContext
kodeninja opened this issue · comments
kodeninja commented
The k8s cluster I deploy to has a pod security policy, and requires that the Argo workflows have the following, top-level securityContext
:
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
generateName: main-
spec:
securityContext:
fsGroup: 2000
runAsNonRoot: true
runAsUser: 1000
...
How can I specify that via couler
? I couldn't find anything in the docs.
Mingjie Tang commented
actually, we do not support security context at the right moment, please
send a PR if you are interested.
…On Fri, Apr 30, 2021 at 10:31 AM kodeninja ***@***.***> wrote:
The k8s cluster I deploy to has a pod security policy, and requires that
the Argo workflows have the following, top-level securityContext:
apiVersion: argoproj.io/v1alpha1kind: Workflowmetadata:
generateName: main-spec:
securityContext:
fsGroup: 2000
runAsNonRoot: true
runAsUser: 1000
...
How can I specify that via couler? I couldn't find anything in the docs.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#200>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAK5R6PGD6WUXGZVZXVHCM3TLIJBVANCNFSM433EVPGA>
.
kodeninja commented
@merlintang, I imagine this change would go in https://github.com/couler-proj/couler/blob/master/couler/core/templates/workflow.py?
Mingjie Tang commented
yes, if this security config go to the workflow level, you can change the
workflow.py.
…On Fri, Apr 30, 2021 at 11:48 AM kodeninja ***@***.***> wrote:
@merlintang <https://github.com/merlintang>, I imagine this change would
go in
https://github.com/couler-proj/couler/blob/master/couler/core/templates/workflow.py
?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#200 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAK5R6NPC7QCJ5RO4BBOQKTTLISBDANCNFSM433EVPGA>
.
kodeninja commented
Right, this applies at the workflow level.
Is this a good PR for reference: #195?
Mingjie Tang commented
yes it is.
…On Fri, Apr 30, 2021 at 11:58 AM kodeninja ***@***.***> wrote:
Right, this applies at the workflow level.
Is this a good PR for reference: #195
<#195>?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#200 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAK5R6PL25F4E23D77MNQUTTLITETANCNFSM433EVPGA>
.