github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-01 15:58:37 +00:00
Code Issues Projects Releases Wiki Activity

Setup docker options according to windows security context

Browse Source
This commit is contained in:
Pengfei Ni 2018-05-18 10:26:33 +08:00
parent 6da502e016
commit 7ba26ba25c
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
pkg/kubelet/dockershim/helpers_windows.go
View File

@ -76,6 +76,9 @@ func (ds *dockerService) updateCreateConfig(
CPUPercent: rOpts.CpuMaximum, CPUPercent: rOpts.CpuMaximum,
} }
} }
// Apply security context.
applyWindowsContainerSecurityContext(wc.GetSecurityContext(), createConfig.Config, createConfig.HostConfig)
} }
applyExperimentalCreateConfig(createConfig, sandboxConfig.Annotations) applyExperimentalCreateConfig(createConfig, sandboxConfig.Annotations)
@ -83,6 +86,17 @@ func (ds *dockerService) updateCreateConfig(
return nil return nil
} }
// applyWindowsContainerSecurityContext updates docker container options according to security context.
func applyWindowsContainerSecurityContext(wsc *runtimeapi.WindowsContainerSecurityContext, config *dockercontainer.Config, hc *dockercontainer.HostConfig) {
if wsc == nil {
return
}
if wsc.GetRunAsUsername() != "" {
config.User = wsc.GetRunAsUsername()
}
}
func (ds *dockerService) determinePodIPBySandboxID(sandboxID string, sandbox *dockertypes.ContainerJSON) string { func (ds *dockerService) determinePodIPBySandboxID(sandboxID string, sandbox *dockertypes.ContainerJSON) string {
// Versions and feature support // Versions and feature support
// ============================ // ============================