Merge pull request #90569 from brianpursley/kubectl-721

Added --privileged flag to kubectl run
Kubernetes Prow Robot 2020-06-10 04:38:22 -07:00 committed by GitHub
commit 5b76272c35
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 54 additions and 6 deletions


@ -120,6 +120,7 @@ type RunOptions struct {
Interactive bool
LeaveStdinOpen bool
Port string
Privileged bool
Quiet bool
Schedule string
TTY bool
@ -202,6 +203,7 @@ func addRunFlags(cmd *cobra.Command, opt *RunOptions) {
cmd.Flags().BoolVar(&opt.Quiet, "quiet", opt.Quiet, "If true, suppress prompt messages.")
cmd.Flags().StringVar(&opt.Schedule, "schedule", opt.Schedule, i18n.T("A schedule in the Cron format the job should be run with."))
cmd.Flags().MarkDeprecated("schedule", "has no effect and will be removed in the future.")
cmd.Flags().BoolVar(&opt.Privileged, "privileged", opt.Privileged, i18n.T("If true, run the container in privileged mode."))
cmdutil.AddFieldManagerFlagVar(cmd, &opt.fieldManager, "kubectl-run")
}
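Review bot: The help string for the new `--privileged` flag in addRunFlags says only that the container runs in privileged mode and gives no hint of what that costs in isolation. A privileged container gets access to host devices and runs with most of the usual container confinement lifted, so a plainer description would help, for example `i18n.T("If true, run the container in privileged mode; this grants host-level access, so use it only when the workload requires it.")`. Clusters whose admission policy forbids privileged pods will reject the request, which is worth mentioning in the command's documentation if that text lives elsewhere in this file. The new `Privileged` field in RunOptions could carry a one-line comment saying the same.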


@ -229,6 +229,7 @@ func (BasicPod) ParamNames() []generate.GeneratorParam {
{Name: "requests", Required: false},
{Name: "limits", Required: false},
{Name: "serviceaccount", Required: false},
{Name: "privileged", Required: false},
}
}
@ -281,6 +282,18 @@ func (BasicPod) Generate(genericParams map[string]interface{}) (runtime.Object,
if len(restartPolicy) == 0 {
restartPolicy = v1.RestartPolicyAlways
}
privileged, err := generate.GetBool(params, "privileged", false)
if err != nil {
return nil, err
}
var securityContext *v1.SecurityContext
if privileged {
securityContext = &v1.SecurityContext{
Privileged: &privileged,
}
}
pod := v1.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: name,
@ -290,12 +303,13 @@ func (BasicPod) Generate(genericParams map[string]interface{}) (runtime.Object,
ServiceAccountName: params["serviceaccount"],
Containers: []v1.Container{
{
Name: name,
Image: params["image"],
Stdin: stdin,
StdinOnce: !leaveStdinOpen && stdin,
TTY: tty,
Resources: resourceRequirements,
Name: name,
Image: params["image"],
Stdin: stdin,
StdinOnce: !leaveStdinOpen && stdin,
TTY: tty,
Resources: resourceRequirements,
SecurityContext: securityContext,
},
},
DNSPolicy: v1.DNSClusterFirst,
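Review bot: The block that builds `securityContext` in BasicPod.Generate leaves the pointer nil unless `privileged` is true, and nothing in the code says why. Presumably this keeps pods generated without the flag identical to what they were before, instead of emitting an explicit `privileged: false`. A comment above `var securityContext` would record that intent, for example `// Only set a SecurityContext when privileged was requested, so pods generated without the flag are unchanged.` Generate starts before and continues past these hunks, so how `params` is populated is not visible here.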


@ -254,6 +254,32 @@ func TestGeneratePod(t *testing.T) {
},
},
},
{
name: "test10: privileged mode",
params: map[string]interface{}{
"name": "foo",
"image": "someimage",
"replicas": "1",
"privileged": "true",
},
expected: &v1.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
Labels: map[string]string{"run": "foo"},
},
Spec: v1.PodSpec{
Containers: []v1.Container{
{
Name: "foo",
Image: "someimage",
SecurityContext: securityContextWithPrivilege(true),
},
},
DNSPolicy: v1.DNSClusterFirst,
RestartPolicy: v1.RestartPolicyAlways,
},
},
},
}
generator := BasicPod{}
for _, tt := range tests {
@ -358,3 +384,9 @@ func TestParseEnv(t *testing.T) {
})
}
}
func securityContextWithPrivilege(privileged bool) *v1.SecurityContext {
return &v1.SecurityContext{
Privileged: &privileged,
}
}
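Review bot: The new table entry in TestGeneratePod covers only `"privileged": "true"`, so the other two paths added to Generate are untested. A case with `"privileged": "false"` should expect a container with no SecurityContext. A case with an unparsable value such as `"privileged": "maybe"` (a constructed sample) should exercise the `err != nil` return after `generate.GetBool`, assuming the table can express an expected error, which is not visible in this hunk. Because the parameter controls a security-sensitive field, pinning the off-by-default behaviour in a test guards against a later change enabling it silently. TestGeneratePod begins before the hunk.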