compliantkubernetes-apps

Allow ephemeral containers

Open OlleLarsson opened this issue 4 weeks ago • 0 comments

Description

kubectl debug is a useful command for debugging pods that run minimal container images as it allows one to attach a container that has additional binaries that can be helpful in some debugging scenarios.

Application developers can't issue a kubectl debug command as they lack permissions for ephemeral containers.

We want to give application developers access to ephemeral containers so that they can leverage some of the capabilities of the kubectl debug command.

Definition of done

  • [ ] Application developers have patch on pods/ephemeralcontainers in "", thus having the ability to run kubectl debug.
  • [ ] Gatekeeper safeguard image-registry works on ephemeral containers.
  • [ ] Gatekeeper safeguard image-registry has tests for ephemeral containers.
  • [ ] Public docs have been updated, and kubectl debug has been mentioned along with the limitation that privilege escalation is not allowed.

OlleLarsson, Jan 31 '25 09:01
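
The image-registry items in the definition of done, sketched as an added example (not code from compliantkubernetes-apps or its Gatekeeper policies): a registry allowlist check modelled in Python that walks `ephemeralContainers` alongside the regular container lists. The function names, registry names and the sample pod are constructed for illustration; only the Pod spec field names come from Kubernetes.

```python
# Added example: models the image-registry safeguard in plain Python.
# Field names follow the Kubernetes Pod spec; registries and images are constructed.
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")


def image_allowed(image, allowed_prefixes):
    """True if the image starts with an allowed prefix on a path boundary."""
    for prefix in allowed_prefixes:
        # Force a trailing "/" so "registry.example.com" does not also
        # match "registry.example.com.other.test/tool".
        boundary = prefix if prefix.endswith("/") else prefix + "/"
        if image.startswith(boundary):
            return True
    return False


def registry_violations(pod, allowed_prefixes, fields=CONTAINER_FIELDS):
    """Return one message per container whose image is outside the allowlist."""
    violations = []
    spec = pod.get("spec", {})
    for field in fields:
        for c in spec.get(field) or []:
            image = c.get("image", "")
            if not image_allowed(image, allowed_prefixes):
                violations.append(f"{field}/{c.get('name', '?')}: {image or '<no image>'}")
    return violations


# Constructed pod as it looks after `kubectl debug` added a debug container.
SAMPLE_POD = {
    "metadata": {"name": "app", "namespace": "demo"},
    "spec": {
        "containers": [{"name": "app", "image": "registry.example.com/team/app:1.2"}],
        "ephemeralContainers": [
            {"name": "debugger", "image": "docker.io/library/busybox:1.36"},
        ],
    },
}
ALLOWED = ["registry.example.com"]

if __name__ == "__main__":
    # A check limited to the regular container lists passes this pod ...
    print(registry_violations(SAMPLE_POD, ALLOWED, ("containers", "initContainers")))
    # ... while the full check reports the ephemeral container.
    print(registry_violations(SAMPLE_POD, ALLOWED))
```

The same two cases (a pod that passes when only `containers` and `initContainers` are inspected, and is rejected once `ephemeralContainers` is included) are the ones a policy test suite for the safeguard would need to cover.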