Merge pull request #65218 from stlaz/sysctls_describe

Automatic merge from submit-queue (batch tested with PRs 65064, 65218, 65260, 65241, 64372). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add sysctls to the output of `describe` on PSPs

**What this PR does / why we need it**:
When promoting the sysctls feature for PSPs, the output of the
`kubectl describe` command was forgotten about. This commit
adds the `AllowedUnsafeSysctls` and `ForbiddenSysctls` fields
to the output of that command.

**Which issue(s) this PR fixes** :
Fixes #65181 

**Release notes**:
```release-note
NONE
```
Kubernetes Submit Queue 2018-06-21 21:12:12 -07:00 committed by GitHub
commit b5ea862f52
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 0 deletions


@ -3530,6 +3530,12 @@ func describePodSecurityPolicy(psp *policy.PodSecurityPolicy) (string, error) {
if len(psp.Spec.AllowedFlexVolumes) > 0 {
w.Write(LEVEL_1, "Allowed FlexVolume Types:\t%s\n", flexVolumesToString(psp.Spec.AllowedFlexVolumes))
}
if len(psp.Spec.AllowedUnsafeSysctls) > 0 {
w.Write(LEVEL_1, "Allowed Unsafe Sysctls:\t%s\n", sysctlsToString(psp.Spec.AllowedUnsafeSysctls))
}
if len(psp.Spec.ForbiddenSysctls) > 0 {
w.Write(LEVEL_1, "Forbidden Sysctls:\t%s\n", sysctlsToString(psp.Spec.ForbiddenSysctls))
}
w.Write(LEVEL_1, "Allow Host Network:\t%t\n", psp.Spec.HostNetwork)
w.Write(LEVEL_1, "Allow Host Ports:\t%s\n", hostPortRangeToString(psp.Spec.HostPorts))
w.Write(LEVEL_1, "Allow Host PID:\t%t\n", psp.Spec.HostPID)
@ -3589,6 +3595,10 @@ func flexVolumesToString(flexVolumes []policy.AllowedFlexVolume) string {
return stringOrDefaultValue(strings.Join(volumes, ","), "<all>")
}
func sysctlsToString(sysctls []string) string {
return stringOrNone(strings.Join(sysctls, ","))
}
func hostPortRangeToString(ranges []policy.HostPortRange) string {
formattedString := ""
if ranges != nil {
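Review bot: The two new `w.Write` calls in describePodSecurityPolicy are guarded by `len(...) > 0`, so a policy with no sysctl entries prints no line at all and the `stringOrNone` fallback inside `sysctlsToString` is never reached from this caller. For someone auditing a PSP, an explicit `Allowed Unsafe Sysctls: <none>` is easier to read than an absent line, and the test expectations in this commit show sibling fields such as `Allowed Capabilities` rendering `<none>`. Consider dropping the guards and calling `w.Write(LEVEL_1, "Allowed Unsafe Sysctls:\t%s\n", sysctlsToString(psp.Spec.AllowedUnsafeSysctls))` unconditionally, and likewise for `ForbiddenSysctls`; this assumes `stringOrNone` returns `<none>` for an empty string, which is not visible here. `sysctlsToString` would also benefit from a doc comment such as `// sysctlsToString joins sysctl name patterns with commas, or reports none when the list is empty.` describePodSecurityPolicy starts and ends outside the hunk.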


@ -2228,6 +2228,8 @@ func TestDescribePodSecurityPolicy(t *testing.T) {
"Required Drop Capabilities:\\s*<none>",
"Allowed Capabilities:\\s*<none>",
"Allowed Volume Types:\\s*<none>",
"Allowed Unsafe Sysctls:\\s*kernel\\.\\*,net\\.ipv4.ip_local_port_range",
"Forbidden Sysctls:\\s*net\\.ipv4\\.ip_default_ttl",
"Allow Host Network:\\s*false",
"Allow Host Ports:\\s*<none>",
"Allow Host PID:\\s*false",
@ -2248,6 +2250,8 @@ func TestDescribePodSecurityPolicy(t *testing.T) {
Name: "mypsp",
},
Spec: policy.PodSecurityPolicySpec{
AllowedUnsafeSysctls: []string{"kernel.*", "net.ipv4.ip_local_port_range"},
ForbiddenSysctls: []string{"net.ipv4.ip_default_ttl"},
SELinux: policy.SELinuxStrategyOptions{
Rule: policy.SELinuxStrategyRunAsAny,
},
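Review bot: The expected pattern for the allowed list leaves one dot unescaped, `net\\.ipv4.ip_local_port_range`, so the regex `.` matches any character at that position and the assertion is looser than intended; it should read `"Allowed Unsafe Sysctls:\\s*kernel\\.\\*,net\\.ipv4\\.ip_local_port_range",`. The fixture also exercises only non-empty lists, so the output for a policy with no sysctl entries is not pinned by this test; a second case with both fields empty would cover it. TestDescribePodSecurityPolicy starts and ends outside both hunks.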