diff --git a/apis/controller/v1alpha1/devworkspaceoperatorconfig_types.go b/apis/controller/v1alpha1/devworkspaceoperatorconfig_types.go
index afeae5b7b..db457cd6e 100644
--- a/apis/controller/v1alpha1/devworkspaceoperatorconfig_types.go
+++ b/apis/controller/v1alpha1/devworkspaceoperatorconfig_types.go
@@ -124,12 +124,12 @@ type WorkspaceConfig struct {
 // but the objects will be left on the cluster). The default value is false.
 CleanupOnStop *bool `json:"cleanupOnStop,omitempty"`
 // PodSecurityContext overrides the default PodSecurityContext used for all workspace-related
- // pods created by the DevWorkspace Operator. If set, the entire pod security context is
- // overridden; values are not merged.
+ // pods created by the DevWorkspace Operator. If set, defined values are merged into the default
+ // configuration
 PodSecurityContext *corev1.PodSecurityContext `json:"podSecurityContext,omitempty"`
 // ContainerSecurityContext overrides the default ContainerSecurityContext used for all
- // workspace-related containers created by the DevWorkspace Operator. If set, the entire
- // container security context is overridden; values are not merged.
+ // workspace-related containers created by the DevWorkspace Operator. If set, defined
+ // values are merged into the default configuration
 ContainerSecurityContext *corev1.SecurityContext `json:"containerSecurityContext,omitempty"`
 // DefaultTemplate defines an optional DevWorkspace Spec Template which gets applied to the workspace
 // if the workspace's Template Spec Components are not defined. The DefaultTemplate will overwrite the existing
diff --git a/deploy/bundle/manifests/controller.devfile.io_devworkspaceoperatorconfigs.yaml b/deploy/bundle/manifests/controller.devfile.io_devworkspaceoperatorconfigs.yaml
index bfa855c17..21738e890 100644
--- a/deploy/bundle/manifests/controller.devfile.io_devworkspaceoperatorconfigs.yaml
+++ b/deploy/bundle/manifests/controller.devfile.io_devworkspaceoperatorconfigs.yaml
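Review bot: The reworded doc comments on `PodSecurityContext` and `ContainerSecurityContext` in `WorkspaceConfig` still open with "overrides the default …" but now end with "defined values are merged into the default configuration", without saying what counts as defined or how a default is turned off, and the sentence has lost its closing period. Because these fields set the security posture of every workspace pod and container, an administrator who relied on the old whole-object replacement to drop a default will, as far as the comment reads, now keep it silently. I would spell the contract out, e.g. `// If set, fields defined here take precedence over the matching default fields; fields left unset keep their default values.`, and add a line on whether nested values such as `capabilities` are merged or replaced as a whole — the merge code is not part of this diff, so that needs confirming against the implementation. The struct body continues outside the hunk, and the generated CRD descriptions in the other files will pick up the wording on regeneration.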
@@ -63,7 +63,7 @@ spec: description: CleanupOnStop governs how the Operator handles stopped DevWorkspaces. If set to true, additional resources associated with a DevWorkspace (e.g. services, deployments, configmaps, etc.) will be removed from the cluster when a DevWorkspace has .spec.started = false. If set to false, resources will be scaled down (e.g. deployments but the objects will be left on the cluster). The default value is false. type: boolean containerSecurityContext: - description: ContainerSecurityContext overrides the default ContainerSecurityContext used for all workspace-related containers created by the DevWorkspace Operator. If set, the entire container security context is overridden; values are not merged. + description: ContainerSecurityContext overrides the default ContainerSecurityContext used for all workspace-related containers created by the DevWorkspace Operator. If set, defined values are merged into the default configuration properties: allowPrivilegeEscalation: description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' 
@@ -1452,7 +1452,7 @@ spec: - Never type: string podSecurityContext: - description: PodSecurityContext overrides the default PodSecurityContext used for all workspace-related pods created by the DevWorkspace Operator. If set, the entire pod security context is overridden; values are not merged. + description: PodSecurityContext overrides the default PodSecurityContext used for all workspace-related pods created by the DevWorkspace Operator. If set, defined values are merged into the default configuration properties: fsGroup: description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." diff --git a/deploy/deployment/kubernetes/combined.yaml b/deploy/deployment/kubernetes/combined.yaml index 5a0ad10f1..73819c494 100644 --- a/deploy/deployment/kubernetes/combined.yaml +++ b/deploy/deployment/kubernetes/combined.yaml @@ -100,8 +100,8 @@ spec: containerSecurityContext: description: ContainerSecurityContext overrides the default ContainerSecurityContext used for all workspace-related containers created by the DevWorkspace - Operator. If set, the entire container security context is overridden; - values are not merged. + Operator. If set, defined values are merged into the default + configuration properties: allowPrivilegeEscalation: description: 'AllowPrivilegeEscalation controls whether a 
@@ -2283,8 +2283,8 @@ spec: podSecurityContext: description: PodSecurityContext overrides the default PodSecurityContext used for all workspace-related pods created by the DevWorkspace - Operator. If set, the entire pod security context is overridden; - values are not merged. + Operator. If set, defined values are merged into the default + configuration properties: fsGroup: description: "A special supplemental group that applies to diff --git a/deploy/deployment/kubernetes/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml b/deploy/deployment/kubernetes/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml index e7aea3444..c063a68da 100644 --- a/deploy/deployment/kubernetes/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml +++ b/deploy/deployment/kubernetes/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml @@ -100,8 +100,8 @@ spec: containerSecurityContext: description: ContainerSecurityContext overrides the default ContainerSecurityContext used for all workspace-related containers created by the DevWorkspace - Operator. If set, the entire container security context is overridden; - values are not merged. + Operator. If set, defined values are merged into the default + configuration properties: allowPrivilegeEscalation: description: 'AllowPrivilegeEscalation controls whether a @@ -2283,8 +2283,8 @@ spec: podSecurityContext: description: PodSecurityContext overrides the default PodSecurityContext used for all workspace-related pods created by the DevWorkspace - Operator. If set, the entire pod security context is overridden; - values are not merged. + Operator. If set, defined values are merged into the default + configuration properties: fsGroup: description: "A special supplemental group that applies to 
diff --git a/deploy/deployment/openshift/combined.yaml b/deploy/deployment/openshift/combined.yaml index 52871374c..50c45d790 100644 --- a/deploy/deployment/openshift/combined.yaml +++ b/deploy/deployment/openshift/combined.yaml @@ -100,8 +100,8 @@ spec: containerSecurityContext: description: ContainerSecurityContext overrides the default ContainerSecurityContext used for all workspace-related containers created by the DevWorkspace - Operator. If set, the entire container security context is overridden; - values are not merged. + Operator. If set, defined values are merged into the default + configuration properties: allowPrivilegeEscalation: description: 'AllowPrivilegeEscalation controls whether a @@ -2283,8 +2283,8 @@ spec: podSecurityContext: description: PodSecurityContext overrides the default PodSecurityContext used for all workspace-related pods created by the DevWorkspace - Operator. If set, the entire pod security context is overridden; - values are not merged. + Operator. If set, defined values are merged into the default + configuration properties: fsGroup: description: "A special supplemental group that applies to diff --git a/deploy/deployment/openshift/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml b/deploy/deployment/openshift/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml index e7aea3444..c063a68da 100644 --- a/deploy/deployment/openshift/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml +++ b/deploy/deployment/openshift/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml 
@@ -100,8 +100,8 @@ spec: containerSecurityContext: description: ContainerSecurityContext overrides the default ContainerSecurityContext used for all workspace-related containers created by the DevWorkspace - Operator. If set, the entire container security context is overridden; - values are not merged. + Operator. If set, defined values are merged into the default + configuration properties: allowPrivilegeEscalation: description: 'AllowPrivilegeEscalation controls whether a @@ -2283,8 +2283,8 @@ spec: podSecurityContext: description: PodSecurityContext overrides the default PodSecurityContext used for all workspace-related pods created by the DevWorkspace - Operator. If set, the entire pod security context is overridden; - values are not merged. + Operator. If set, defined values are merged into the default + configuration properties: fsGroup: description: "A special supplemental group that applies to diff --git a/deploy/templates/crd/bases/controller.devfile.io_devworkspaceoperatorconfigs.yaml b/deploy/templates/crd/bases/controller.devfile.io_devworkspaceoperatorconfigs.yaml index e6a47c1dc..45e495175 100644 --- a/deploy/templates/crd/bases/controller.devfile.io_devworkspaceoperatorconfigs.yaml +++ b/deploy/templates/crd/bases/controller.devfile.io_devworkspaceoperatorconfigs.yaml @@ -99,8 +99,8 @@ spec: containerSecurityContext: description: ContainerSecurityContext overrides the default ContainerSecurityContext used for all workspace-related containers created by the DevWorkspace - Operator. If set, the entire container security context is overridden; - values are not merged. + Operator. If set, defined values are merged into the default + configuration properties: allowPrivilegeEscalation: description: 'AllowPrivilegeEscalation controls whether a 
@@ -2282,8 +2282,8 @@ spec: podSecurityContext: description: PodSecurityContext overrides the default PodSecurityContext used for all workspace-related pods created by the DevWorkspace - Operator. If set, the entire pod security context is overridden; - values are not merged. + Operator. If set, defined values are merged into the default + configuration properties: fsGroup: description: "A special supplemental group that applies to