cerc-io/stack-orchestrator
17
1
Fork 1
Code Issues 110 Pull Requests 12 Actions Packages Projects Releases 473 Wiki Activity

security context

Browse Source
This commit is contained in:
Thomas E Lackey 2024-02-08 17:21:23 -06:00
parent dde00b7606
commit f7e0148ea0
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
stack_orchestrator/deploy/k8s/cluster_info.py
View File

@ -281,6 +281,12 @@ class ClusterInfo:
env=envs,
ports=[client.V1ContainerPort(container_port=port)],
volume_mounts=volume_mounts,
security_context=client.V1SecurityContext(
privileged=self.spec.get_privileged(),
capabilities=client.V1Capabilities(
add=self.spec.get_capabilities()
) if self.spec.get_capabilities() else None
),
resources=to_k8s_resource_requirements(resources),
)
containers.append(container)

6
stack_orchestrator/deploy/spec.py
View File

@ -112,3 +112,9 @@ class Spec:
def get_labels(self):
return self.obj.get("labels", {})
def get_privileged(self):
return "true" == str(self.obj.get("security", {}).get("privileged", "false")).lower()
def get_capabilities(self):
return self.obj.get("security", {}).get("capabilities", [])