Support for RuntimeClass

Open prometherion opened this issue 3 years ago • 2 comments

Describe the feature

RuntimeClass is a feature for selecting the container runtime configuration. The container runtime configuration is used to run a Pod's containers.

As a Cluster Administrator, I want to limit, prevent, or allow the use of specific RuntimeClass to specific tenants.

When the Tenant is enforced with a specific set of RuntimeClass, if the Pod is using a forbidden one, must be denied.

Aug 16 '22 12:08 prometherion

@prometherion I ll do that. I guess we are looking for same functionality as eg. PriorityClasses:

  runtTimeClass:
    default: "cri-o"
    allowed:
      - cri-o
    allowedRegex: "^docker-.*$"

I would also add the default attribute and could combine it with #610. That makes sense for you?

Aug 16 '22 13:08 oliverbaehler

I guess we are looking for same functionality as eg. PriorityClasses:

I confirm that, also because we do already have our mechanism to check regex values and the exact match.

I would also add the default attribute and could combine it with #610. That makes sense for you?

Let's keep it separated to avoid huge PRs.

Just a minor note, we have to address this for the new type, v1beta2, and we're still blocked since we don't have the required scaffolding.

I'll be back to you once everything is settled so you can start working on it! 💪🏻

Aug 17 '22 14:08 prometherion

@oliverbaehler I missed to assign this to you, wondering if you're still on it, otherwise I can take care.

Sep 27 '22 16:09 prometherion

Taking over of this as discussed privately.

Dec 26 '22 13:12 prometherion