github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 11:50:44 +00:00
Code Issues Projects Releases Wiki Activity

Add sysctls to the ouput of describe on PSPs

Browse Source 
When promoting the sysctls feature for PSPs, the output of the
`kubectl describe` command was forgotten about. This commit
adds the `AllowedUnsafeSysctls` and `ForbiddenSysctls` fields
to the output of that command.
This commit is contained in:
Stanislav Laznicka 2018-06-19 14:55:13 +02:00
parent b005f2fba3
commit dd667ec621
No known key found for this signature in database
GPG Key ID: C98C414936B1A7F3
2 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
pkg/printers/internalversion/describe.go
View File

@ -3530,6 +3530,12 @@ func describePodSecurityPolicy(psp *policy.PodSecurityPolicy) (string, error) {
if len(psp.Spec.AllowedFlexVolumes) > 0 {
w.Write(LEVEL_1, "Allowed FlexVolume Types:\t%s\n", flexVolumesToString(psp.Spec.AllowedFlexVolumes))
}
if len(psp.Spec.AllowedUnsafeSysctls) > 0 {
w.Write(LEVEL_1, "Allowed Unsafe Sysctls:\t%s\n", sysctlsToString(psp.Spec.AllowedUnsafeSysctls))
}
if len(psp.Spec.ForbiddenSysctls) > 0 {
w.Write(LEVEL_1, "Forbidden Sysctls:\t%s\n", sysctlsToString(psp.Spec.ForbiddenSysctls))
}
w.Write(LEVEL_1, "Allow Host Network:\t%t\n", psp.Spec.HostNetwork)
w.Write(LEVEL_1, "Allow Host Ports:\t%s\n", hostPortRangeToString(psp.Spec.HostPorts))
w.Write(LEVEL_1, "Allow Host PID:\t%t\n", psp.Spec.HostPID)
@ -3589,6 +3595,10 @@ func flexVolumesToString(flexVolumes []policy.AllowedFlexVolume) string {
return stringOrDefaultValue(strings.Join(volumes, ","), "<all>")
}
func sysctlsToString(sysctls []string) string {
return stringOrNone(strings.Join(sysctls, ","))
}
func hostPortRangeToString(ranges []policy.HostPortRange) string {
formattedString := ""
if ranges != nil {

4
pkg/printers/internalversion/describe_test.go
View File

@ -2228,6 +2228,8 @@ func TestDescribePodSecurityPolicy(t *testing.T) {
"Required Drop Capabilities:\\s*<none>",
"Allowed Capabilities:\\s*<none>",
"Allowed Volume Types:\\s*<none>",
"Allowed Unsafe Sysctls:\\s*kernel\\.\\*,net\\.ipv4.ip_local_port_range",
"Forbidden Sysctls:\\s*net\\.ipv4\\.ip_default_ttl",
"Allow Host Network:\\s*false",
"Allow Host Ports:\\s*<none>",
"Allow Host PID:\\s*false",
@ -2248,6 +2250,8 @@ func TestDescribePodSecurityPolicy(t *testing.T) {
Name: "mypsp",
},
Spec: policy.PodSecurityPolicySpec{
AllowedUnsafeSysctls: []string{"kernel.*", "net.ipv4.ip_local_port_range"},
ForbiddenSysctls: []string{"net.ipv4.ip_default_ttl"},
SELinux: policy.SELinuxStrategyOptions{
Rule: policy.SELinuxStrategyRunAsAny,
},