Skip to content

[9614] Seccomp Profile added to POD and Container page of all Worklods | Pod Name Validation fixed #16048

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 9 commits into
base: master
Choose a base branch
from
Open

[9614] Seccomp Profile added to POD and Container page of all Worklods | Pod Name Validation fixed #16048

wants to merge 9 commits into from
+782 −255

Conversation

@marcelofukumoto
Copy link

@marcelofukumoto marcelofukumoto commented Nov 26, 2025
edited
Loading

Summary

Fixes #9614

  • Added Seccomp Profile to the POD (create/edit) and Container (create/edit) Security Context
    • It contains 4 options
      • None, RuntimeDefault, Localhost, Unconfined
      • Some ref: https://kubernetes.io/docs/reference/node/seccomp/
        • Localhost has a second Input called Localhost Profile which is the Path of the file used
        • The new input requires a value (validation)
          • Added the (!) showing error for the Tab and the Security Context on the lsit
    • As default for POD the option selected is RuntimeDefault
    • As default for Container the option select is None
    • Those options are added to all Workloads
    • Pods cannot edit it (error)
      • But other workloads, they can
  • Fixed a validation for the NAME of the POD [BUG-9614-1]
    • The validation for the "Create" button to be enabled was not considering NAME
  • Fixed a bug where the YAML file got the config lost if changes the security context [BUG-9614-2]
  • Merged the Security from Pod and Container, adding a conditional if container or pod.
  • Change accessibility only for security context
    • Added focus on list click
    • Added some new texts for label
    • Fieldset added to the page

Occurred changes and/or fixed issues

#9614

  • pkg/rancher-components/src/components/Form/Checkbox/Checkbox.vue - [ACCESSIBILITY] Added some focus for Checkbox and styles as well
  • pkg/rancher-components/src/components/LabeledTooltip/LabeledTooltip.vue - [ACCESSIBILITY] Added Tooltip text to the Tooltip
  • shell/assets/styles/base/_typography.scss - [ACCESSIBILITY] Changed Typography to use H3 style for Legend, so we can use Fieldset
  • shell/assets/translations/en-us.yaml - Added new texts for the SeccompProfile fields, Added texts for accessibility, title for capabilities
  • shell/components/form/LabeledSelect.vue - [ACCESSIBILITY] Added for the Value to be added to accessibility
  • shell/components/form/SeccompProfile.vue - New component create to be reused on the Pod and Container pages to represent the SeccompProfile option
  • shell/components/form/Security.vue - Changed UI to accept container and pod changes, changed Yes/No Radio to Checkbox
  • shell/components/form/tests/LabeledSelect.test.ts - Test changed because of the label
  • shell/components/form/tests/SeccompProfile.test.js - Added test for the new component
  • shell/components/form/tests/Security.test.ts - Refactored to have more detailed tests
  • shell/edit/workload/tests/index.test.ts - Removed podFsGroup, not using anymore on the new structure
  • shell/edit/workload/index.vue - Security Context of the pod
  • shell/edit/workload/mixins/workload.js - Logic of the workload, added validation logics for the new Seccomp fields
  • shell/models/pod.js - Added the missing custom validation for the name on the pod model [BUG-9614-1]

Technical notes summary

  • The Update of the security context of the pod happens at the shell/edit/workload/mixins/workload.js for the podFsGroup. I could use the same place to update the changes on the SeccompProfile, but I decided to pass the podTemplateSpec directly to the Pod
  • I made sure that the YAML file is not rewritten when changing security context for containers (pod seems ok) [BUG-9614-2]

Areas or cases that should be tested

  • All workloads CREATE for POD and CONTAINERS
  • All workloads EDIT for POD and CONTAINER
  • Test cases on the PDF
    Issue 9614 - 2.pdf

Areas which could experience regressions

  • Create and Edit for POD and CONTAINER were edited
  • Since there was many changes to the page structure, Security Context needs to be texted throughly

Screenshot/Video

Checklist

  • The PR is linked to an issue and the linked issue has a Milestone, or no issue is needed
  • The PR has a Milestone
  • The PR template has been filled out
  • The PR has been self reviewed
  • The PR has a reviewer assigned
  • The PR has automated tests or clear instructions for manual tests and the linked issue has appropriate QA labels, or tests are not needed
  • The PR has reviewed with UX and tested in light and dark mode, or there are no UX changes
  • The PR has been reviewed in terms of Accessibility
  • The PR has considered, and if applicable tested with, the three Global Roles Admin, Standard User and User Base

@rancher-ui-project-bot rancher-ui-project-bot bot added this to the v2.14.0 milestone Nov 26, 2025
@marcelofukumoto marcelofukumoto marked this pull request as draft November 26, 2025 18:57
@marcelofukumoto marcelofukumoto marked this pull request as ready for review November 28, 2025 13:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@richard-cox richard-cox Awaiting requested review from richard-cox

@nwmac nwmac Awaiting requested review from nwmac

@kwwii kwwii Awaiting requested review from kwwii

At least 1 approving review is required to merge this pull request.

Assignees

@marcelofukumoto marcelofukumoto

Labels

None yet

Projects

None yet

Milestone

v2.14.0

Development

Successfully merging this pull request may close these issues.

Create Pod from UI is missing seccompprofile settings

1 participant

@marcelofukumoto