Skip to content

Support specifying patch directives in pod and container overrides #966

Closed
@amisevsk

Description

@amisevsk

Description

When using the pod-overrides or container-overrides attribute in a DevWorkspace, the override bytes are deserialized into a PodSecurityContext/SecurityContext and applied via strategic merge patch. However, this approach prevents un-setting fields within a struct, as empty fields are ignored in the serialize/deserialize procedure (due to omitempty). This means that if a pod is configured to have security context

securityContext:
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000

it's not possible to specify a pod override to make this

securityContext:
    runAsUser: 1001

Kubernetes strategic merge supports patch directives to change the behavior of the patch:

  • $patch: replace causes fields to be applied as-is rather than merged into existing values
  • $patch: delete deletes fields altogether without patching anything

Additional context

Originally brought up in discussion on devfile/api#920

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions