Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-56049

Limit pods' access to cluster resources

    Details

    • Similar Issues:

      Description

      The kubernetes-plugin for Jenkins requires that the Jenkins master can access the api-server for, among other things, creating pods. This means that if Jenkins slaves use the same service account as the Jenkins master, users can grant themselves cluster permissions they are not authorised to have. We already have the ability to make job pods spawn in another namespace (through cloud - kubernetes namespace), which would solve this. Unfortunately, nothing prevents a user from creating a job where they override this value. We want an option to be able to disallow use of the podTemplate field allowing them to configure what namespace to run pods in. 

        Attachments

          Activity

          There are no comments yet on this issue.

            People

            • Assignee:
              Unassigned
              Reporter:
              erihanse Erik Aaron Hansen
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: