add non-root directive to SC and kubelet checking

Paul Weil
2015-08-10 13:30:34 -04:00
parent 72db123025
commit e490c20c22
11 changed files with 356 additions and 0 deletions


@@ -1803,6 +1803,7 @@ func deepCopy_api_SecurityContext(in SecurityContext, out *SecurityContext, c *c
} else {
out.RunAsUser = nil
}
out.RunAsNonRoot = in.RunAsNonRoot
return nil
}


@@ -2166,6 +2166,11 @@ type SecurityContext struct {
// RunAsUser is the UID to run the entrypoint of the container process.
RunAsUser *int64 `json:"runAsUser,omitempty"`
// RunAsNonRoot indicates that the container should be run as a non-root user. If the RunAsUser
// field is not explicitly set then the kubelet may check the image for a specified user or
// perform defaulting to specify a user.
RunAsNonRoot bool
}
// SELinuxOptions are the labels to be applied to the container.
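Review bot: The new `RunAsNonRoot bool` field in the internal SecurityContext has no struct tag, while `RunAsUser` directly above it carries `json:"runAsUser,omitempty"`; it should get the matching tag `json:"runAsNonRoot,omitempty"` so the internal type serializes under the same key style as its neighbours. The doc comment also leaves the enforcement outcome open: it says the kubelet "may check the image" but not what happens when RunAsNonRoot is true and RunAsUser is explicitly 0, or when the image names no user at all. Once confirmed against the kubelet side of this commit (not visible in this hunk), I would add a sentence such as `// If true and the effective user is UID 0 or cannot be determined, the container is not started.` so that readers of the type know the check fails closed. The struct definition begins above the hunk.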


@@ -2002,6 +2002,7 @@ func convert_api_SecurityContext_To_v1_SecurityContext(in *api.SecurityContext,
} else {
out.RunAsUser = nil
}
out.RunAsNonRoot = in.RunAsNonRoot
return nil
}
@@ -4344,6 +4345,7 @@ func convert_v1_SecurityContext_To_api_SecurityContext(in *SecurityContext, out
} else {
out.RunAsUser = nil
}
out.RunAsNonRoot = in.RunAsNonRoot
return nil
}


@@ -1812,6 +1812,7 @@ func deepCopy_v1_SecurityContext(in SecurityContext, out *SecurityContext, c *co
} else {
out.RunAsUser = nil
}
out.RunAsNonRoot = in.RunAsNonRoot
return nil
}


@@ -2030,6 +2030,11 @@ type SecurityContext struct {
// RunAsUser is the UID to run the entrypoint of the container process.
RunAsUser *int64 `json:"runAsUser,omitempty" description:"the user id that runs the first process in the container; see http://releases.k8s.io/HEAD/docs/design/security_context.md#security-context"`
// RunAsNonRoot indicates that the container should be run as a non-root user. If the RunAsUser
// field is not explicitly set then the kubelet may check the image for a specified user or
// perform defaulting to specify a user.
RunAsNonRoot bool `json:"runAsNonRoot,omitempty" description:"indicates the container must be run as a non-root user either by specifying the runAsUser or in the image specification"`
}
// SELinuxOptions are the labels to be applied to the container
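Review bot: The Go comment and the `description` tag on the v1 `RunAsNonRoot` field disagree about how strong the guarantee is: the comment says the container "should" run as non-root and the kubelet "may check" the image, while the description says it "must be run as a non-root user". For a field that users will rely on as a security control the two should make the same firm statement, e.g. `// RunAsNonRoot indicates that the container must run as a non-root user.`, with the defaulting behaviour described separately. A plain `bool` with `omitempty` also cannot tell "unset" apart from an explicit `false`, unlike `RunAsUser *int64` just above; if defaulting or a higher-level override is ever expected to set this value, `*bool` would preserve that distinction, and it is much easier to choose now than to change in a released v1 type.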