From 14d517061c2a2d949982cb5e0fa1cfa1e45b7e38 Mon Sep 17 00:00:00 2001 From: Angel Misevski Date: Mon, 17 Oct 2022 21:13:22 -0600 Subject: [PATCH] Update pod/container securityContext documentation in CRD Signed-off-by: Angel Misevski --- .../v1alpha1/devworkspaceoperatorconfig_types.go | 8 ++++---- ...controller.devfile.io_devworkspaceoperatorconfigs.yaml | 4 ++-- deploy/deployment/kubernetes/combined.yaml | 8 ++++---- ...gs.controller.devfile.io.CustomResourceDefinition.yaml | 8 ++++---- deploy/deployment/openshift/combined.yaml | 8 ++++---- ...gs.controller.devfile.io.CustomResourceDefinition.yaml | 8 ++++---- ...controller.devfile.io_devworkspaceoperatorconfigs.yaml | 8 ++++---- 7 files changed, 26 insertions(+), 26 deletions(-) diff --git a/apis/controller/v1alpha1/devworkspaceoperatorconfig_types.go b/apis/controller/v1alpha1/devworkspaceoperatorconfig_types.go index d22a8e7ed..6d84017c8 100644 --- a/apis/controller/v1alpha1/devworkspaceoperatorconfig_types.go +++ b/apis/controller/v1alpha1/devworkspaceoperatorconfig_types.go @@ -142,12 +142,12 @@ type WorkspaceConfig struct { // but the objects will be left on the cluster). The default value is false. CleanupOnStop *bool `json:"cleanupOnStop,omitempty"` // PodSecurityContext overrides the default PodSecurityContext used for all workspace-related - // pods created by the DevWorkspace Operator. If set, the entire pod security context is - // overridden; values are not merged. + // pods created by the DevWorkspace Operator. If set, defined values are merged into the default + // configuration PodSecurityContext *corev1.PodSecurityContext `json:"podSecurityContext,omitempty"` // ContainerSecurityContext overrides the default ContainerSecurityContext used for all - // workspace-related containers created by the DevWorkspace Operator. If set, the entire - // container security context is overridden; values are not merged. + // workspace-related containers created by the DevWorkspace Operator. If set, defined + // values are merged into the default configuration ContainerSecurityContext *corev1.SecurityContext `json:"containerSecurityContext,omitempty"` // DefaultTemplate defines an optional DevWorkspace Spec Template which gets applied to the workspace // if the workspace's Template Spec Components are not defined. The DefaultTemplate will overwrite the existing diff --git a/deploy/bundle/manifests/controller.devfile.io_devworkspaceoperatorconfigs.yaml b/deploy/bundle/manifests/controller.devfile.io_devworkspaceoperatorconfigs.yaml index 0a13b06e9..006c5bcf8 100644 --- a/deploy/bundle/manifests/controller.devfile.io_devworkspaceoperatorconfigs.yaml +++ b/deploy/bundle/manifests/controller.devfile.io_devworkspaceoperatorconfigs.yaml @@ -63,7 +63,7 @@ spec: description: CleanupOnStop governs how the Operator handles stopped DevWorkspaces. If set to true, additional resources associated with a DevWorkspace (e.g. services, deployments, configmaps, etc.) will be removed from the cluster when a DevWorkspace has .spec.started = false. If set to false, resources will be scaled down (e.g. deployments but the objects will be left on the cluster). The default value is false. type: boolean containerSecurityContext: - description: ContainerSecurityContext overrides the default ContainerSecurityContext used for all workspace-related containers created by the DevWorkspace Operator. If set, the entire container security context is overridden; values are not merged. + description: ContainerSecurityContext overrides the default ContainerSecurityContext used for all workspace-related containers created by the DevWorkspace Operator. If set, defined values are merged into the default configuration properties: allowPrivilegeEscalation: description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' @@ -1452,7 +1452,7 @@ spec: - Never type: string podSecurityContext: - description: PodSecurityContext overrides the default PodSecurityContext used for all workspace-related pods created by the DevWorkspace Operator. If set, the entire pod security context is overridden; values are not merged. + description: PodSecurityContext overrides the default PodSecurityContext used for all workspace-related pods created by the DevWorkspace Operator. If set, defined values are merged into the default configuration properties: fsGroup: description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." diff --git a/deploy/deployment/kubernetes/combined.yaml b/deploy/deployment/kubernetes/combined.yaml index f43404d9c..74069e498 100644 --- a/deploy/deployment/kubernetes/combined.yaml +++ b/deploy/deployment/kubernetes/combined.yaml @@ -100,8 +100,8 @@ spec: containerSecurityContext: description: ContainerSecurityContext overrides the default ContainerSecurityContext used for all workspace-related containers created by the DevWorkspace - Operator. If set, the entire container security context is overridden; - values are not merged. + Operator. If set, defined values are merged into the default + configuration properties: allowPrivilegeEscalation: description: 'AllowPrivilegeEscalation controls whether a @@ -2283,8 +2283,8 @@ spec: podSecurityContext: description: PodSecurityContext overrides the default PodSecurityContext used for all workspace-related pods created by the DevWorkspace - Operator. If set, the entire pod security context is overridden; - values are not merged. + Operator. If set, defined values are merged into the default + configuration properties: fsGroup: description: "A special supplemental group that applies to diff --git a/deploy/deployment/kubernetes/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml b/deploy/deployment/kubernetes/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml index 9ab14e1ec..439f029d3 100644 --- a/deploy/deployment/kubernetes/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml +++ b/deploy/deployment/kubernetes/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml @@ -100,8 +100,8 @@ spec: containerSecurityContext: description: ContainerSecurityContext overrides the default ContainerSecurityContext used for all workspace-related containers created by the DevWorkspace - Operator. If set, the entire container security context is overridden; - values are not merged. + Operator. If set, defined values are merged into the default + configuration properties: allowPrivilegeEscalation: description: 'AllowPrivilegeEscalation controls whether a @@ -2283,8 +2283,8 @@ spec: podSecurityContext: description: PodSecurityContext overrides the default PodSecurityContext used for all workspace-related pods created by the DevWorkspace - Operator. If set, the entire pod security context is overridden; - values are not merged. + Operator. If set, defined values are merged into the default + configuration properties: fsGroup: description: "A special supplemental group that applies to diff --git a/deploy/deployment/openshift/combined.yaml b/deploy/deployment/openshift/combined.yaml index 3c482c519..f99520e6d 100644 --- a/deploy/deployment/openshift/combined.yaml +++ b/deploy/deployment/openshift/combined.yaml @@ -100,8 +100,8 @@ spec: containerSecurityContext: description: ContainerSecurityContext overrides the default ContainerSecurityContext used for all workspace-related containers created by the DevWorkspace - Operator. If set, the entire container security context is overridden; - values are not merged. + Operator. If set, defined values are merged into the default + configuration properties: allowPrivilegeEscalation: description: 'AllowPrivilegeEscalation controls whether a @@ -2283,8 +2283,8 @@ spec: podSecurityContext: description: PodSecurityContext overrides the default PodSecurityContext used for all workspace-related pods created by the DevWorkspace - Operator. If set, the entire pod security context is overridden; - values are not merged. + Operator. If set, defined values are merged into the default + configuration properties: fsGroup: description: "A special supplemental group that applies to diff --git a/deploy/deployment/openshift/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml b/deploy/deployment/openshift/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml index 9ab14e1ec..439f029d3 100644 --- a/deploy/deployment/openshift/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml +++ b/deploy/deployment/openshift/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml @@ -100,8 +100,8 @@ spec: containerSecurityContext: description: ContainerSecurityContext overrides the default ContainerSecurityContext used for all workspace-related containers created by the DevWorkspace - Operator. If set, the entire container security context is overridden; - values are not merged. + Operator. If set, defined values are merged into the default + configuration properties: allowPrivilegeEscalation: description: 'AllowPrivilegeEscalation controls whether a @@ -2283,8 +2283,8 @@ spec: podSecurityContext: description: PodSecurityContext overrides the default PodSecurityContext used for all workspace-related pods created by the DevWorkspace - Operator. If set, the entire pod security context is overridden; - values are not merged. + Operator. If set, defined values are merged into the default + configuration properties: fsGroup: description: "A special supplemental group that applies to diff --git a/deploy/templates/crd/bases/controller.devfile.io_devworkspaceoperatorconfigs.yaml b/deploy/templates/crd/bases/controller.devfile.io_devworkspaceoperatorconfigs.yaml index 6ad0e74b6..fab1b2a60 100644 --- a/deploy/templates/crd/bases/controller.devfile.io_devworkspaceoperatorconfigs.yaml +++ b/deploy/templates/crd/bases/controller.devfile.io_devworkspaceoperatorconfigs.yaml @@ -99,8 +99,8 @@ spec: containerSecurityContext: description: ContainerSecurityContext overrides the default ContainerSecurityContext used for all workspace-related containers created by the DevWorkspace - Operator. If set, the entire container security context is overridden; - values are not merged. + Operator. If set, defined values are merged into the default + configuration properties: allowPrivilegeEscalation: description: 'AllowPrivilegeEscalation controls whether a @@ -2282,8 +2282,8 @@ spec: podSecurityContext: description: PodSecurityContext overrides the default PodSecurityContext used for all workspace-related pods created by the DevWorkspace - Operator. If set, the entire pod security context is overridden; - values are not merged. + Operator. If set, defined values are merged into the default + configuration properties: fsGroup: description: "A special supplemental group that applies to