| author | Mayank Kumar <mayank.kumar@salesforce.com> | 2017-08-30 15:05:32 -0700 |
|---|---|---|
| committer | Mayank Kumar <mayank.kumar@salesforce.com> | 2017-09-14 09:28:00 -0700 |
| commit | 218f09513b52dc5adfcafeea9e6dbf60dc4665cf (patch) | |
| tree | 95c5e3965e89b52081b5ed2794a8d6f7f4579764 /contributors | |
| parent | b5c11b314f0c125fe70f404892e3302245a9169e (diff) | |
review comments
Diffstat (limited to 'contributors')
| -rw-r--r-- | contributors/design-proposals/runas-groupid.md | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/contributors/design-proposals/runas-groupid.md b/contributors/design-proposals/runas-groupid.md index 27592cc2..c83639fc 100644 --- a/contributors/design-proposals/runas-groupid.md +++ b/contributors/design-proposals/runas-groupid.md @@ -3,7 +3,7 @@ As a Kubernetes User, we should be able to specify both user id and group id for the containers running inside a pod on a per Container basis, similar to how docker allows that using docker run options `-u, ---user="" Username or UID (format: <name|uId>[:<group|gid>]) format`. +--user="" Username or UID (format: <name|uid>[:<group|gid>]) format`. PodSecurityContext allows Kubernetes users to specify RunAsUser which can be overriden by RunAsUser in SecurityContext on a per Container basis. There is no equivalent field for specifying the primary @@ -45,7 +45,7 @@ in the Dockerfile of the container image, without having to create a new Docker ### Model -Introduce a new API field in SecurityContext and PodSecurityContext called `RunAsGroup` +Introduce a new API field in SecurityContext and PodSecurityContext called `RunAsGroup`. #### SecurityContext @@ -62,13 +62,13 @@ type SecurityContext struct { // May also be set in PodSecurityContext. If set in both SecurityContext and // PodSecurityContext, the value specified in SecurityContext takes precedence. // +optional - RunAsUser *Int64 + RunAsUser *int64 // The GID to run the entrypoint of the container process. // Defaults to group specified in image metadata if unspecified. // May also be set in PodSecurityContext. If set in both SecurityContext and // PodSecurityContext, the value specified in SecurityContext takes precedence. // +optional - RunAsGroup *Int64 + RunAsGroup *int64 ..... } 
@@ -87,13 +87,13 @@ type PodSecurityContext struct { // PodSecurityContext, the value specified in SecurityContext takes precedence // for that container. // +optional - RunAsUser *Int64 + RunAsUser *int64 // The GID to run the entrypoint of the container process. // Defaults to group specified in image metadata if unspecified. // May also be set in PodSecurityContext. If set in both SecurityContext and // PodSecurityContext, the value specified in SecurityContext takes precedence. // +optional - RunAsGroup *Int64 + RunAsGroup *int64 ..... } @@ -103,7 +103,7 @@ type PodSecurityContext struct { PodSecurityPolicy defines strategies or conditions that a pod must run with in order to be accepted into the system. Two of the relevant strategies are RunAsUser and SupplementalGroups. We introduce -a new strategy called RunAsGroup which will support the following options:- +a new strategy called RunAsGroup which will support the following options: - MustRunAs - MustRunAsNonRoot - RunAsAny @@ -149,7 +149,7 @@ a new strategy called RunAsGroup which will support the following options:- ## Behavior -Following points should be noted:- +Following points should be noted: - `FSGroup` and `SupplementalGroups` will continue to have their old meanings and would be untouched. - The `RunAsGroup` In the SecurityContext will override the `RunAsGroup` in the PodSecurityContext. |
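Review bot: In the first hunk (@@ -3,7), the context line directly below the corrected `--user` line still spells "overriden" with one "d"; since this commit is a wording cleanup, change it to "overridden" here as well. The trailing word "format" after the closing parenthesis in `(format: <name|uid>[:<group|gid>]) format` also looks like a leftover and could be dropped in the same pass.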
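Review bot: In the PodSecurityContext hunk (@@ -87,13), the doc comment above `RunAsGroup *int64` says "May also be set in PodSecurityContext", which is the struct it already sits in; it reads as copied from the SecurityContext comment. It should say "May also be set in SecurityContext" and end with "takes precedence for that container", matching the RunAsUser comment just above it in the same struct, so the generated API documentation states the override direction correctly.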
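Review bot: In the PodSecurityPolicy hunk (@@ -103,7), the option list for the new RunAsGroup strategy includes MustRunAsNonRoot, but the lines shown do not say what "non-root" means for a group ID. Spell out whether it rejects only GID 0 and whether it is evaluated independently of the RunAsUser strategy, so policy authors know exactly what the option enforces.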
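Review bot: In the Behavior hunk (@@ -149,7), the last context line reads "The `RunAsGroup` In the SecurityContext" with a capitalised "In"; lower-case it while this list is being touched. "Following points should be noted:" would also read better as "The following points should be noted:".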
