Closed
Description
Description
When using the pod-overrides or container-overrides attribute in a DevWorkspace, the override bytes are deserialized into a PodSecurityContext/SecurityContext and applied via strategic merge patch. However, this approach prevents un-setting fields within a struct, as empty fields are ignored in the serialize/deserialize procedure (due to omitempty). This means that if a pod is configured to have security context
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
it's not possible to specify a pod override to make this
securityContext:
runAsUser: 1001
Kubernetes strategic merge supports patch directives to change the behavior of the patch:
$patch: replace
causes fields to be applied as-is rather than merged into existing values$patch: delete
deletes fields altogether without patching anything
Additional context
Originally brought up in discussion on devfile/api#920
Metadata
Metadata
Assignees
Labels
No labels