mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-08-03 01:06:27 +00:00
Merge pull request #90569 from brianpursley/kubectl-721
Added --privileged flag to kubectl run
This commit is contained in:
Kubernetes Prow Robot
GitHub
commit
5b76272c35
@ -120,6 +120,7 @@ type RunOptions struct {
|
|||||||
Interactive bool
|
Interactive bool
|
||||||
LeaveStdinOpen bool
|
LeaveStdinOpen bool
|
||||||
Port string
|
Port string
|
||||||
|
Privileged bool
|
||||||
Quiet bool
|
Quiet bool
|
||||||
Schedule string
|
Schedule string
|
||||||
TTY bool
|
TTY bool
|
||||||
@ -202,6 +203,7 @@ func addRunFlags(cmd *cobra.Command, opt *RunOptions) {
|
|||||||
cmd.Flags().BoolVar(&opt.Quiet, "quiet", opt.Quiet, "If true, suppress prompt messages.")
|
cmd.Flags().BoolVar(&opt.Quiet, "quiet", opt.Quiet, "If true, suppress prompt messages.")
|
||||||
cmd.Flags().StringVar(&opt.Schedule, "schedule", opt.Schedule, i18n.T("A schedule in the Cron format the job should be run with."))
|
cmd.Flags().StringVar(&opt.Schedule, "schedule", opt.Schedule, i18n.T("A schedule in the Cron format the job should be run with."))
|
||||||
cmd.Flags().MarkDeprecated("schedule", "has no effect and will be removed in the future.")
|
cmd.Flags().MarkDeprecated("schedule", "has no effect and will be removed in the future.")
|
||||||
|
cmd.Flags().BoolVar(&opt.Privileged, "privileged", opt.Privileged, i18n.T("If true, run the container in privileged mode."))
|
||||||
cmdutil.AddFieldManagerFlagVar(cmd, &opt.fieldManager, "kubectl-run")
|
cmdutil.AddFieldManagerFlagVar(cmd, &opt.fieldManager, "kubectl-run")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -229,6 +229,7 @@ func (BasicPod) ParamNames() []generate.GeneratorParam {
|
|||||||
{Name: "requests", Required: false},
|
{Name: "requests", Required: false},
|
||||||
{Name: "limits", Required: false},
|
{Name: "limits", Required: false},
|
||||||
{Name: "serviceaccount", Required: false},
|
{Name: "serviceaccount", Required: false},
|
||||||
|
{Name: "privileged", Required: false},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -281,6 +282,18 @@ func (BasicPod) Generate(genericParams map[string]interface{}) (runtime.Object,
|
|||||||
if len(restartPolicy) == 0 {
|
if len(restartPolicy) == 0 {
|
||||||
restartPolicy = v1.RestartPolicyAlways
|
restartPolicy = v1.RestartPolicyAlways
|
||||||
}
|
}
|
||||||
|
|
||||||
|
privileged, err := generate.GetBool(params, "privileged", false)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
var securityContext *v1.SecurityContext
|
||||||
|
if privileged {
|
||||||
|
securityContext = &v1.SecurityContext{
|
||||||
|
Privileged: &privileged,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
pod := v1.Pod{
|
pod := v1.Pod{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
Name: name,
|
Name: name,
|
||||||
@ -290,12 +303,13 @@ func (BasicPod) Generate(genericParams map[string]interface{}) (runtime.Object,
|
|||||||
ServiceAccountName: params["serviceaccount"],
|
ServiceAccountName: params["serviceaccount"],
|
||||||
Containers: []v1.Container{
|
Containers: []v1.Container{
|
||||||
{
|
{
|
||||||
Name: name,
|
Name: name,
|
||||||
Image: params["image"],
|
Image: params["image"],
|
||||||
Stdin: stdin,
|
Stdin: stdin,
|
||||||
StdinOnce: !leaveStdinOpen && stdin,
|
StdinOnce: !leaveStdinOpen && stdin,
|
||||||
TTY: tty,
|
TTY: tty,
|
||||||
Resources: resourceRequirements,
|
Resources: resourceRequirements,
|
||||||
|
SecurityContext: securityContext,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
DNSPolicy: v1.DNSClusterFirst,
|
DNSPolicy: v1.DNSClusterFirst,
|
||||||
|
|||||||
@ -254,6 +254,32 @@ func TestGeneratePod(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "test10: privileged mode",
|
||||||
|
params: map[string]interface{}{
|
||||||
|
"name": "foo",
|
||||||
|
"image": "someimage",
|
||||||
|
"replicas": "1",
|
||||||
|
"privileged": "true",
|
||||||
|
},
|
||||||
|
expected: &v1.Pod{
|
||||||
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
|
Name: "foo",
|
||||||
|
Labels: map[string]string{"run": "foo"},
|
||||||
|
},
|
||||||
|
Spec: v1.PodSpec{
|
||||||
|
Containers: []v1.Container{
|
||||||
|
{
|
||||||
|
Name: "foo",
|
||||||
|
Image: "someimage",
|
||||||
|
SecurityContext: securityContextWithPrivilege(true),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
DNSPolicy: v1.DNSClusterFirst,
|
||||||
|
RestartPolicy: v1.RestartPolicyAlways,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
generator := BasicPod{}
|
generator := BasicPod{}
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
@ -358,3 +384,9 @@ func TestParseEnv(t *testing.T) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func securityContextWithPrivilege(privileged bool) *v1.SecurityContext {
|
||||||
|
return &v1.SecurityContext{
|
||||||
|
Privileged: &privileged,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user