From 3a3fab3f823e69d3464ee8980c017c0ed8dc9665 Mon Sep 17 00:00:00 2001
From: Dan Mace
Date: Tue, 12 Aug 2014 09:04:00 -0400
Subject: [PATCH] FEATURE: Support privileged containers in a pod

Add a Privileged field to containers in a pod, in order to facilitate pods performing administrative tasks such as builds via Docker-in-Docker. Discussion: https://github.com/GoogleCloudPlatform/kubernetes/issues/391
---
 pkg/api/types.go | 2 ++
 pkg/api/v1beta1/types.go | 2 ++
 pkg/kubelet/kubelet.go | 1 +
 3 files changed, 5 insertions(+)
diff --git a/pkg/api/types.go b/pkg/api/types.go
index 981de1b2244..2d446df5c51 100644
--- a/pkg/api/types.go
+++ b/pkg/api/types.go
@@ -195,6 +195,8 @@ type Container struct {
 VolumeMounts []VolumeMount `yaml:"volumeMounts,omitempty" json:"volumeMounts,omitempty"`
 LivenessProbe *LivenessProbe `yaml:"livenessProbe,omitempty" json:"livenessProbe,omitempty"`
 Lifecycle *Lifecycle `yaml:"lifecycle,omitempty" json:"lifecycle,omitempty"`
+ // Optional: Default to false.
+ Privileged bool `json:"privileged,omitempty" yaml:"privileged,omitempty"`
 }

 // Handler defines a specific action that should be taken
diff --git a/pkg/api/v1beta1/types.go b/pkg/api/v1beta1/types.go
index fef44d35681..552f61f2c28 100644
--- a/pkg/api/v1beta1/types.go
+++ b/pkg/api/v1beta1/types.go
@@ -205,6 +205,8 @@ type Container struct {
 VolumeMounts []VolumeMount `yaml:"volumeMounts,omitempty" json:"volumeMounts,omitempty"`
 LivenessProbe *LivenessProbe `yaml:"livenessProbe,omitempty" json:"livenessProbe,omitempty"`
 Lifecycle *Lifecycle `yaml:"lifecycle,omitempty" json:"lifecycle,omitempty"`
+ // Optional: Default to false.
+ Privileged bool `json:"privileged,omitempty" yaml:"privileged,omitempty"`
 }

 // Handler defines a specific action that should be taken
diff --git a/pkg/kubelet/kubelet.go b/pkg/kubelet/kubelet.go
index 79ab7843a6f..22845dba261 100644
--- a/pkg/kubelet/kubelet.go
+++ b/pkg/kubelet/kubelet.go
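Review bot: The comment `// Optional: Default to false.` on the new `Privileged` field in pkg/api/types.go does not say what setting the field grants, and the pkg/api/v1beta1/types.go hunk repeats the same comment. Because the kubelet hunk forwards this value to Docker's privileged mode, the field comment should state the consequence, for example `// Optional: run the container in Docker privileged mode, which gives it host-level access on the node. Defaults to false.` A smaller style point in both hunks: the new struct tag lists `json` before `yaml`, while the neighbouring fields list `yaml` first.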
@@ -339,6 +339,7 @@ func (kl *Kubelet) runContainer(pod *Pod, container *api.Container, podVolumes v
 PortBindings: portBindings,
 Binds: binds,
 NetworkMode: netMode,
+ Privileged: container.Privileged,
 })
 if err == nil && container.Lifecycle != nil && container.Lifecycle.PostStart != nil {
 handlerErr := kl.runHandler(GetPodFullName(pod), pod.Manifest.UUID, container, container.Lifecycle.PostStart)
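Review bot: `Privileged: container.Privileged` hands the manifest's value to Docker unconditionally, so every source the kubelet accepts manifests from can now start a container with host-level privileges on the node. None of the three hunks adds validation or a way for a node operator to refuse such a request. I would gate this on an operator-controlled kubelet setting that defaults to off, and have runContainer return an error rather than start the container when the manifest asks for privileged mode while that setting is off, along the lines of `if container.Privileged && !kl.allowPrivileged { /* return an error */ }`, where `allowPrivileged` is a placeholder name that does not exist in this diff. Logging each privileged start with the pod name would also leave an audit trail. runContainer begins and ends outside the hunk, so its return values and any earlier checks are not visible here.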