)]}'
{
  "commit": "4cfcc0b0b25fba463225feae64232d40e02b570c",
  "tree": "69a7d9ce2d531c763d482e340afe5ceced40c068",
  "parents": [
    "c5e0dbd3437d5c739d42d7724a619b126eabdbf5"
  ],
  "author": {
    "name": "Leopold Schabel",
    "email": "leo@monogon.tech",
    "time": "Wed Jul 24 13:23:26 2024 +0000"
  },
  "committer": {
    "name": "Leopold Schabel",
    "email": "leo@monogon.tech",
    "time": "Thu Jul 25 12:02:52 2024 +0000"
  },
  "message": "metropolis/node/kubernetes: allow privileged pods\n\nThere are valid use cases for privileged pods in low-assurance clusters.\nIn particular, \"kubectl debug node/... --profile\u003dsysadmin\" is very\nuseful for debugging and requires privileged pods.\n\nIn a production cluster, we\u0027d want to restrict privileged pods\nand other dangerous capabilities (which are already allowed)\nusing pod security or more sophisticated admission controllers,\nincluding enforcing future cluster integrity policy levels.\n\nChange-Id: I8f6470f636cdd13b7c980f04f08f95aaff833b20\nReviewed-on: https://review.monogon.dev/c/monogon/+/3246\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "45b2582b8497a184e5bd692db742dfc671615839",
      "old_mode": 33188,
      "old_path": "metropolis/node/kubernetes/apiserver.go",
      "new_id": "e4df4a972a2ddbd73ea90bf0f0aaed3f352b1f0c",
      "new_mode": 33188,
      "new_path": "metropolis/node/kubernetes/apiserver.go"
    }
  ]
}