Page MenuHomePhabricator
Create Task
Maniphest T116504

Enforce that containers from a user run with the uid assigned to that user
Closed, ResolvedPublic
Actions

Description

If tool.X is running a pod with a few containers, they should all run with the uid of tool.X. This should be enforced via an admission controller.

Related Objects
Search...

Event Timeline

yuvipanda created this task.Oct 24 2015, 11:25 PM
yuvipanda raised the priority of this task from to Low.
yuvipanda updated the task description. (Show Details)
yuvipanda added projects: Cloud-Services, Toolforge.
yuvipanda added subscribers: intracer, zhuyifei1999, valhallasw and 4 others.
yuvipanda added a project: labs-sprint-118.Oct 26 2015, 4:05 PM
yuvipanda set Security to None.
yuvipanda moved this task from To do to Code Review/Blocked on the labs-sprint-118 board.Oct 26 2015, 7:26 PM
yuvipanda added a comment.Nov 2 2015, 5:57 PM

https://github.com/kubernetes/kubernetes/pull/16250 has discussions, not going very well atm unfortunately :(

yuvipanda added a project: labs-sprint-119.Nov 2 2015, 6:03 PM
yuvipanda moved this task from To do to Code Review/Blocked on the labs-sprint-119 board.Nov 2 2015, 6:05 PM
yuvipanda added a comment.Nov 13 2015, 7:04 AM

Wheee! See pull request in previous comment for details, but we have this deployed in our cluster now. Need to test it and throw stuff at it to make sure it's rock solid...

yuvipanda claimed this task.Nov 13 2015, 7:04 AM
yuvipanda raised the priority of this task from Low to High.Nov 17 2015, 2:46 AM
yuvipanda closed this task as Resolved.Nov 29 2015, 1:46 AM

This works sufficiently now!

yuvipanda mentioned this in T112718: Write admission controller disabling mounting of unauthorized volumes.Nov 29 2015, 2:16 AM
Phabricator_maintenance removed a subscriber: yuvipanda.Jun 7 2017, 6:46 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits