forked from LaconicNetwork/kompose
feat: add read only fs support
Signed-off-by: AhmedGrati <ahmedgrati1999@gmail.com>
This commit is contained in:
AhmedGrati
parent
21509824ff
commit
4a08d41242
@ -110,6 +110,7 @@ type ServiceConfig struct {
|
||||
WorkingDir string `compose:""`
|
||||
DomainName string `compose:"domainname"`
|
||||
HostName string `compose:"hostname"`
|
||||
ReadOnly bool `compose:"read_only"`
|
||||
Args []string `compose:"args"`
|
||||
VolList []string `compose:"volumes"`
|
||||
Network []string `compose:"network"`
|
||||
|
||||
@ -462,6 +462,7 @@ func dockerComposeToKomposeMapping(composeObject *types.Project) (kobject.Kompos
|
||||
serviceConfig.Expose = composeServiceConfig.Expose
|
||||
serviceConfig.Privileged = composeServiceConfig.Privileged
|
||||
serviceConfig.User = composeServiceConfig.User
|
||||
serviceConfig.ReadOnly = composeServiceConfig.ReadOnly
|
||||
serviceConfig.Stdin = composeServiceConfig.StdinOpen
|
||||
serviceConfig.Tty = composeServiceConfig.Tty
|
||||
serviceConfig.TmpFs = composeServiceConfig.Tmpfs
|
||||
|
||||
@ -573,6 +573,11 @@ func (k *Kubernetes) UpdateKubernetesObjects(name string, service kobject.Servic
|
||||
securityContext.Capabilities = capabilities
|
||||
}
|
||||
|
||||
//set readOnlyRootFilesystem if it is enabled
|
||||
if service.ReadOnly {
|
||||
securityContext.ReadOnlyRootFilesystem = &service.ReadOnly
|
||||
}
|
||||
|
||||
// update template only if securityContext is not empty
|
||||
if *securityContext != (api.SecurityContext{}) {
|
||||
template.Spec.Containers[0].SecurityContext = securityContext
|
||||
|
||||
Loading…
Reference in New Issue
Block a user