From 5a94a9fdbcbbccebd60bbcdddef2bc5e12cdf9ac Mon Sep 17 00:00:00 2001
From: Tomas Kral
Date: Thu, 27 Oct 2016 15:13:33 +0200
Subject: [PATCH] Add support for user
---
 pkg/transformer/kubernetes/k8sutils.go | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/pkg/transformer/kubernetes/k8sutils.go b/pkg/transformer/kubernetes/k8sutils.go
index bce4bade..3b66016f 100644
--- a/pkg/transformer/kubernetes/k8sutils.go
+++ b/pkg/transformer/kubernetes/k8sutils.go
@@ -23,6 +23,7 @@ import (
 "io/ioutil"
 "os"
 "path/filepath"
+ "strconv"
 "strings"
 "text/template"
@@ -286,12 +287,25 @@ func (k *Kubernetes) UpdateKubernetesObjects(name string, service kobject.Servic
 template.Spec.Containers[0].WorkingDir = service.WorkingDir
 template.Spec.Containers[0].VolumeMounts = volumesMount
 template.Spec.Volumes = volumes
- // Configure the container privileged mode
+
+ securityContext := &api.SecurityContext{}
 if service.Privileged == true {
- template.Spec.Containers[0].SecurityContext = &api.SecurityContext{
- Privileged: &service.Privileged,
- }
+ securityContext.Privileged = &service.Privileged
 }
+ if service.User != "" {
+ uid, err := strconv.ParseInt(service.User, 10, 64)
+ if err != nil {
+ logrus.Warn("Ignoring user directive. User to be specified as a UID (numeric).")
+ } else {
+ securityContext.RunAsUser = &uid
+ }
+
+ }
+ // update template only if securityContext is not empty
+ if *securityContext != (api.SecurityContext{}) {
+ template.Spec.Containers[0].SecurityContext = securityContext
+ }
+
+
 template.Spec.Containers[0].Ports = ports
 template.ObjectMeta.Labels = transformer.ConfigLabels(name)
 // Configure the container restart policy.
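Review bot: In the new `service.User` branch of the second hunk, a value that `strconv.ParseInt` cannot parse (a user name, or a `uid:gid` pair) only produces a generic warning, and the pod template is then emitted without `RunAsUser`, so the container falls back to the image's default user, which may be root. The warning should at least name the service and the rejected value so the dropped setting is visible in the conversion output, e.g. `logrus.Warnf("Ignoring user directive %q for service %q: only a numeric UID is supported; the container will run as the image's default user", service.User, name)`. `ParseInt` also accepts negative numbers, so the guard would be tighter as `if err != nil || uid < 0 {`. Turning the fallback into a hard error would presumably need a signature change, since the enclosing function starts and ends outside the hunk.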