Skip to content

feat(executors-k8s): improve handling for security context#835

Merged
michaellzc merged 1 commit intomainfrom
03-12-feat_executors-k8s_improve_handling_for_security_context
Mar 13, 2026
Merged

feat(executors-k8s): improve handling for security context#835
michaellzc merged 1 commit intomainfrom
03-12-feat_executors-k8s_improve_handling_for_security_context

Conversation

@michaellzc
Copy link
Member

@michaellzc michaellzc commented Mar 13, 2026
edited
Loading

ref PLAT-463

unfortunatelly executor.securityConext.privieleged (defaults to false now) is impossible to be backward compatible, so we make sure the same default is carryover to executor.containerSecurityContext. which has a default of privileged=false.

Checklist

@michaellzc Graphite App
Copy link
Member Author

michaellzc commented Mar 13, 2026

This stack of pull requests is managed by Graphite. Learn more about stacking.

@michaellzc michaellzc force-pushed the 03-12-feat_executors-k8s_improve_handling_for_security_context branch from 0415463 to c813e19 Compare March 13, 2026 00:26
@michaellzc michaellzc requested review from a team and marcleblanc2 March 13, 2026 00:27
@michaellzc michaellzc marked this pull request as ready for review March 13, 2026 00:27
@michaellzc michaellzc added the backport 7.0.x Backport to 7.0.x release branch label Mar 13, 2026
@michaellzc michaellzc merged commit 15b9378 into main Mar 13, 2026
7 checks passed
@michaellzc michaellzc deleted the 03-12-feat_executors-k8s_improve_handling_for_security_context branch March 13, 2026 15:24
@sourcegraph-release-bot
Copy link
Collaborator

sourcegraph-release-bot commented Mar 13, 2026

The backport to 7.0.x failed at https://github.com/sourcegraph/deploy-sourcegraph-helm/actions/runs/23057791298:

Reviews may only be requested from collaborators. One or more of the teams you specified is not a collaborator of the sourcegraph/deploy-sourcegraph-helm repository.

To backport this PR manually, you can either:

Via the sg tool

Use the sg backport command to backport your commit to the release branch.

sg backport -r 7.0.x -p 835
Via your terminal

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-7.0.x 7.0.x
# Navigate to the new working tree
cd .worktrees/backport-7.0.x
# Create a new branch
git switch --create backport-835-to-7.0.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 15b93786e6f4f926cc4e860f54b3d9d6c788efc8
# Push it to GitHub
git push --set-upstream origin backport-835-to-7.0.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-7.0.x

If you encouter conflict, first resolve the conflict and stage all files, then run the commands below:

git cherry-pick --continue
# Push it to GitHub
git push --set-upstream origin backport-835-to-7.0.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-7.0.x
  • Follow above instructions to backport the commit.
  • Create a pull request where the base branch is 7.0.x and the compare/head branch is backport-835-to-7.0.x., click here to create the pull request.

Once the pull request has been created, please ensure the following:

  • Make sure to tag @sourcegraph/release in the pull request description.

  • kindly remove the release-blocker from this pull request.

@sourcegraph-release-bot sourcegraph-release-bot mentioned this pull request Mar 13, 2026
Merged
3 tasks
michaellzc added a commit that referenced this pull request Mar 13, 2026
@sourcegraph-release-bot @michaellzc
[Backport 7.0.x] feat(executors-k8s): improve handling for security c…
ac382c5 
…ontext (#836)

Backport 15b9378 from #835

ref PLAT-463

unfortunatelly `executor.securityConext.privieleged` (defaults to
`false` now) is impossible to be backward compatible, so we make sure
the same default is carryover to `executor.containerSecurityContext.`
which has a default of `privileged=false`.

### Checklist

- [x] Follow the [manual testing
process](https://github.com/sourcegraph/deploy-sourcegraph-helm/blob/main/TEST.md)
- [x] Update
[changelog](https://github.com/sourcegraph/deploy-sourcegraph-helm/blob/main/charts/sourcegraph/CHANGELOG.md)
- [x] Update [Kubernetes update
doc](https://docs.sourcegraph.com/admin/updates/kubernetes)

Co-authored-by: Michael Lin <mlzc@hey.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devdinu devdinu devdinu approved these changes

@marcleblanc2 marcleblanc2 Awaiting requested review from marcleblanc2

Assignees

No one assigned

Labels

backport 7.0.x Backport to 7.0.x release branch backports failed-backport-to-7.0.x release-blocker

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@michaellzc @sourcegraph-release-bot @devdinu