• Kubernetes Submit Queue's avatar
    Merge pull request #47073 from Q-Lee/psp-run-as-non-root · 60c1c1e8
    Kubernetes Submit Queue authored
    Automatic merge from submit-queue (batch tested with PRs 47073, 47457, 47479)
    
    PodSecurityPolicy should respect and validate user-supplied RunAsNonR…
    
    **What this PR does / why we need it**: PodSecurityPolicies overwrite and then fail to validate the RunAsNonRoot field in the container security context.
    
    **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #47071
    
    **Special notes for your reviewer**: gce/gke don't use this in 1.6. You'll need to speak up if you think this is important enough to patch. It should almost certainly go into 1.7.
    
    **Release note**:
    
    
    ```release-note
    PodSecurityPolicy now recognizes pods that specify `runAsNonRoot: false` in their security context and does not overwrite the specified value
    ```
    60c1c1e8
Name
Last commit
Last update
..
apparmor Loading commit data...
podsecuritypolicy Loading commit data...
BUILD Loading commit data...
doc.go Loading commit data...