Skip to content

Commit

Permalink
First draft of KEP-3169: Fine-grained SupplementalGroups control
Browse files Browse the repository at this point in the history 
This KEP roughly introduces belows in Kubernetes API:
- 'PodSecurityContext.SupplementalGroupsPolicy' to control which groups are attached to the container process, and
- 'ContainerStatus.User' so that user know which identities(uid, gid, supplemental groups) are ACTUALLY attached to the container process.
The corresponding changes are also proposed in CRI.

Co-authored-by: Sergey Kanzhelev <[email protected]>
  • Loading branch information
@everpeace @SergeyKanzhelev
everpeace and SergeyKanzhelev committed Feb 9, 2023
1 parent bddca24 commit ba195b6
Show file tree
Hide file tree
Showing 2 changed files with 1,055 additions and 0 deletions.
Loading

0 comments on commit ba195b6

Please sign in to comment.