Config to specify isolation technology for container

[rahul-kulkarni73]

No description provided.

[codecov]

Codecov Report

Merging #1376 (1ad3cad) into master (3d9cdbf) will increase coverage by 0.04%.
The diff coverage is 100.00%.

@@             Coverage Diff              @@
##             master    #1376      +/-   ##
============================================
+ Coverage     59.03%   59.07%   +0.04%     
- Complexity     1985     1989       +4     
============================================
  Files           162      162              
  Lines          9023     9032       +9     
  Branches       1364     1365       +1     
============================================
+ Hits           5327     5336       +9     
  Misses         3205     3205              
  Partials        491      491              

Impacted Files	Coverage Δ	Complexity Δ
...bric8/maven/docker/access/ContainerHostConfig.java	93.20% <100.00%> (+0.06%)	50.00 <1.00> (+1.00)
...ic8/maven/docker/config/RunImageConfiguration.java	91.66% <100.00%> (+0.15%)	54.00 <1.00> (+1.00)
...ig/handler/compose/DockerComposeConfigHandler.java	71.87% <100.00%> (+0.29%)	17.00 <0.00> (ø)
...g/handler/compose/DockerComposeServiceWrapper.java	61.76% <100.00%> (+0.18%)	63.00 <1.00> (+1.00)
...aven/docker/config/handler/property/ConfigKey.java	100.00% <100.00%> (ø)	10.00 <0.00> (ø)
...config/handler/property/PropertyConfigHandler.java	80.91% <100.00%> (+0.07%)	136.00 <0.00> (+1.00)
...va/io/fabric8/maven/docker/service/RunService.java	62.63% <100.00%> (+0.13%)	40.00 <0.00> (ø)

[dermot-hardy]

Hi. Is there a way to reference the plugin built from this branch?

[rohanKanojia]

I think https://jitpack.io/ might help

[rhuss]

Thanks a lot for the PR ! Sound reasonable to me, we will consider this for one of the next releases (but please note that this plugin is on low maintenance mode, which means things might take a bit longer than normally).

Do you know since which API version the Isolation option is available for Docker ?

[rahul-kulkarni73]

Kernel namespaces were introduced between kernel version 2.6.15 and 2.6.26. This means that since July 2008 (date of the 2.6.26 release ), namespace code has been exercised and scrutinized on a large number of production systems.
https://man7.org/linux/man-pages/man7/namespaces.7.html

Seems like docker allowed process isolation in this version
https://github.com/docker/docker-ce/releases/tag/v18.09.1 (Jan 2019)
docker-archive/engine#81

Found this docker doc dated 2016 https://www.docker.com/sites/default/files/WP_IntrotoContainerSecurity_08.19.2016.pdf.

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!

0 Bugs
0 Vulnerabilities (and 0 Security Hotspots to review)
0 Code Smells

100.0% Coverage
0.0% Duplication

[rahul-kulkarni73]

@rhuss Any updates on possibility of getting this change in ?

[rohanKanojia]

Sorry for late response. I think we should get this in for our upcoming release (0.35.0) Let's try to get this merged in coming week so that we can have it in our next release

[rhuss]

Looks good to me, and I guess that since this feature is added on request, it's not harmful when running against an older Docker that is not supporting that parameter (as in this case the user needs to take care whether to configure Isolation or not)

Please add a doc/changelog.md entry, then I think we are good to merge.