Feature: Display Validation Error Messages on UI for Restricted Pod Exec Actions #6224

pawan-59 opened this issue Dec 26, 2024 · 0 comments
Labels: enhancement (New feature or request), needs-triage (Issue is not approved or ready-to-work on)

🔖 Feature description

We have written a ValidatingAdmissionPolicy to restrict any user exec into specific pods, which is working fine. Still, the error explaining why the user cannot exec into the pods is not shown on the UI.
Policy applied:

apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: block-postgres-exec
spec:
  failurePolicy: Fail
  matchConstraints:
    matchPolicy: Equivalent
    namespaceSelector: {}
    objectSelector: {}
    resourceRules:
      - apiGroups:
          - ""
        apiVersions:
          - v1
        operations:
          - CONNECT
        resourceNames:
          - postgresql-14-dcd-0
        resources:
          - pods/exec
        scope: "*"
  paramKind:
    apiVersion: admissionregistration.k8s.io/v1
    kind: ValidatingAdmissionPolicyBinding
  validations:
    - expression: "false"
      message: Exec is not allowed into postgres
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: block-postgres-exec-binding
spec:
  matchResources:
    matchPolicy: Equivalent
    namespaceSelector: {}
    objectSelector: {}
  policyName: block-postgres-exec
  validationActions:
    - Deny

Please find the attached screenshots for reference.
It throws the below error when we try using the kubectl command:
[Screenshot 2024-12-26 at 6 28 40 PM]

But on Devtron it only shows this:
[Screenshot 2024-12-26 at 6 29 45 PM]

🎤 Pitch / Usecases

Users should have visibility into why they are not able to exec into the pods.

🔄️ Alternative

No response

👀 Have you spent some time to check if this issue has been raised before?

  • I checked and didn't find a similar issue

🏢 Have you read the Code of Conduct?

@pawan-59 added the enhancement and needs-triage labels on Dec 26, 2024
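
Added example, not part of the original issue and not Devtron's code: one way a client could pull the policy's `message` out of the API server's failure response so a UI can show it. The helper name `ExecDenialMessage`, the sample body and the "denied request:" wording of the server message are assumptions; the struct mirrors a subset of the Kubernetes `metav1.Status` fields.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// apiStatus mirrors the metav1.Status fields needed here.
type apiStatus struct {
	Kind    string `json:"kind"`
	Status  string `json:"status"`
	Message string `json:"message"`
	Reason  string `json:"reason"`
	Code    int    `json:"code"`
}

// Constructed sample body; the message wording is an assumption about the
// API server's format for a ValidatingAdmissionPolicy denial.
const sampleDenied = `{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure",` +
	`"message":"ValidatingAdmissionPolicy 'block-postgres-exec' with binding ` +
	`'block-postgres-exec-binding' denied request: Exec is not allowed into postgres",` +
	`"reason":"Invalid","code":422}`

const marker = "denied request: "

// ExecDenialMessage (hypothetical helper) turns the response body of a failed
// exec request into text for the UI and reports whether a policy denied it.
func ExecDenialMessage(body []byte) (string, bool) {
	var st apiStatus
	if err := json.Unmarshal(body, &st); err != nil || st.Kind != "Status" || st.Message == "" {
		// Not a Status object: show a bounded excerpt instead of hiding the failure.
		raw := strings.TrimSpace(string(body))
		if len(raw) > 200 {
			raw = raw[:200]
		}
		return "exec failed: " + raw, false
	}
	i := strings.Index(st.Message, marker)
	if i >= 0 && strings.HasPrefix(st.Message, "ValidatingAdmissionPolicy ") {
		return st.Message[i+len(marker):], true // the policy's own message
	}
	return st.Message, false // other API failure: pass the server message through
}

func main() {
	msg, denied := ExecDenialMessage([]byte(sampleDenied))
	fmt.Printf("denied=%v message=%q\n", denied, msg)
}
```

The returned text originates from cluster policy authors and the API server, so a UI should render it as plain text, not markup.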