forked from LaconicNetwork/kompose
3db5069ff5
reason for this is that openshift/kubernetes backported k8s.io/kubernetes/pkg/securitycontextconstraints/util that is currently required by something that github.com/openshift/origin/pkg/deploy/api/v1 depends on
416 lines
11 KiB
Go
416 lines
11 KiB
Go
/*
|
|
Copyright 2015 The Kubernetes Authors All rights reserved.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package v1
|
|
|
|
import (
|
|
"strings"
|
|
|
|
"k8s.io/kubernetes/pkg/runtime"
|
|
|
|
sccutil "k8s.io/kubernetes/pkg/securitycontextconstraints/util"
|
|
|
|
"k8s.io/kubernetes/pkg/util"
|
|
"k8s.io/kubernetes/pkg/util/intstr"
|
|
"k8s.io/kubernetes/pkg/util/parsers"
|
|
"k8s.io/kubernetes/pkg/util/sets"
|
|
)
|
|
|
|
func addDefaultingFuncs(scheme *runtime.Scheme) {
|
|
scheme.AddDefaultingFuncs(
|
|
SetDefaults_PodExecOptions,
|
|
SetDefaults_PodAttachOptions,
|
|
SetDefaults_ReplicationController,
|
|
SetDefaults_Volume,
|
|
SetDefaults_ContainerPort,
|
|
SetDefaults_Container,
|
|
SetDefaults_ServiceSpec,
|
|
SetDefaults_Pod,
|
|
SetDefaults_PodSpec,
|
|
SetDefaults_Probe,
|
|
SetDefaults_Secret,
|
|
SetDefaults_PersistentVolume,
|
|
SetDefaults_PersistentVolumeClaim,
|
|
SetDefaults_ISCSIVolumeSource,
|
|
SetDefaults_Endpoints,
|
|
SetDefaults_HTTPGetAction,
|
|
SetDefaults_NamespaceStatus,
|
|
SetDefaults_Node,
|
|
SetDefaults_NodeStatus,
|
|
SetDefaults_ObjectFieldSelector,
|
|
SetDefaults_LimitRangeItem,
|
|
SetDefaults_ConfigMap,
|
|
SetDefaults_RBDVolumeSource,
|
|
SetDefaults_SCC,
|
|
SetDefaults_ServicePort,
|
|
SetDefaults_EndpointPort,
|
|
)
|
|
}
|
|
|
|
func SetDefaults_ServicePort(obj *ServicePort) {
|
|
// Carry conversion to make port case valid
|
|
switch strings.ToUpper(string(obj.Protocol)) {
|
|
case string(ProtocolTCP):
|
|
obj.Protocol = ProtocolTCP
|
|
case string(ProtocolUDP):
|
|
obj.Protocol = ProtocolUDP
|
|
}
|
|
}
|
|
|
|
func SetDefaults_EndpointPort(obj *EndpointPort) {
|
|
// Carry conversion to make port case valid
|
|
switch strings.ToUpper(string(obj.Protocol)) {
|
|
case string(ProtocolTCP):
|
|
obj.Protocol = ProtocolTCP
|
|
case string(ProtocolUDP):
|
|
obj.Protocol = ProtocolUDP
|
|
}
|
|
}
|
|
|
|
func SetDefaults_PodExecOptions(obj *PodExecOptions) {
|
|
obj.Stdout = true
|
|
obj.Stderr = true
|
|
}
|
|
func SetDefaults_PodAttachOptions(obj *PodAttachOptions) {
|
|
obj.Stdout = true
|
|
obj.Stderr = true
|
|
}
|
|
func SetDefaults_ReplicationController(obj *ReplicationController) {
|
|
var labels map[string]string
|
|
if obj.Spec.Template != nil {
|
|
labels = obj.Spec.Template.Labels
|
|
}
|
|
// TODO: support templates defined elsewhere when we support them in the API
|
|
if labels != nil {
|
|
if len(obj.Spec.Selector) == 0 {
|
|
obj.Spec.Selector = labels
|
|
}
|
|
if len(obj.Labels) == 0 {
|
|
obj.Labels = labels
|
|
}
|
|
}
|
|
if obj.Spec.Replicas == nil {
|
|
obj.Spec.Replicas = new(int32)
|
|
*obj.Spec.Replicas = 1
|
|
}
|
|
}
|
|
func SetDefaults_Volume(obj *Volume) {
|
|
if util.AllPtrFieldsNil(&obj.VolumeSource) {
|
|
obj.VolumeSource = VolumeSource{
|
|
EmptyDir: &EmptyDirVolumeSource{},
|
|
}
|
|
}
|
|
}
|
|
func SetDefaults_ContainerPort(obj *ContainerPort) {
|
|
if obj.Protocol == "" {
|
|
obj.Protocol = ProtocolTCP
|
|
}
|
|
// Carry conversion to make port case valid
|
|
switch strings.ToUpper(string(obj.Protocol)) {
|
|
case string(ProtocolTCP):
|
|
obj.Protocol = ProtocolTCP
|
|
case string(ProtocolUDP):
|
|
obj.Protocol = ProtocolUDP
|
|
}
|
|
}
|
|
func SetDefaults_Container(obj *Container) {
|
|
if obj.ImagePullPolicy == "" {
|
|
// Ignore error and assume it has been validated elsewhere
|
|
_, tag, _, _ := parsers.ParseImageName(obj.Image)
|
|
|
|
// Check image tag
|
|
|
|
if tag == "latest" {
|
|
obj.ImagePullPolicy = PullAlways
|
|
} else {
|
|
obj.ImagePullPolicy = PullIfNotPresent
|
|
}
|
|
}
|
|
if obj.TerminationMessagePath == "" {
|
|
obj.TerminationMessagePath = TerminationMessagePathDefault
|
|
}
|
|
}
|
|
func SetDefaults_ServiceSpec(obj *ServiceSpec) {
|
|
if obj.SessionAffinity == "" {
|
|
obj.SessionAffinity = ServiceAffinityNone
|
|
}
|
|
if obj.Type == "" {
|
|
obj.Type = ServiceTypeClusterIP
|
|
}
|
|
for i := range obj.Ports {
|
|
sp := &obj.Ports[i]
|
|
if sp.Protocol == "" {
|
|
sp.Protocol = ProtocolTCP
|
|
}
|
|
if sp.TargetPort == intstr.FromInt(0) || sp.TargetPort == intstr.FromString("") {
|
|
sp.TargetPort = intstr.FromInt(int(sp.Port))
|
|
}
|
|
//Carry conversion
|
|
if len(obj.ClusterIP) == 0 && len(obj.DeprecatedPortalIP) > 0 {
|
|
obj.ClusterIP = obj.DeprecatedPortalIP
|
|
}
|
|
}
|
|
}
|
|
func SetDefaults_Pod(obj *Pod) {
|
|
// If limits are specified, but requests are not, default requests to limits
|
|
// This is done here rather than a more specific defaulting pass on ResourceRequirements
|
|
// because we only want this defaulting semantic to take place on a Pod and not a PodTemplate
|
|
for i := range obj.Spec.Containers {
|
|
// set requests to limits if requests are not specified, but limits are
|
|
if obj.Spec.Containers[i].Resources.Limits != nil {
|
|
if obj.Spec.Containers[i].Resources.Requests == nil {
|
|
obj.Spec.Containers[i].Resources.Requests = make(ResourceList)
|
|
}
|
|
for key, value := range obj.Spec.Containers[i].Resources.Limits {
|
|
if _, exists := obj.Spec.Containers[i].Resources.Requests[key]; !exists {
|
|
obj.Spec.Containers[i].Resources.Requests[key] = *(value.Copy())
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
func SetDefaults_PodSpec(obj *PodSpec) {
|
|
if obj.DNSPolicy == "" {
|
|
obj.DNSPolicy = DNSClusterFirst
|
|
}
|
|
if obj.RestartPolicy == "" {
|
|
obj.RestartPolicy = RestartPolicyAlways
|
|
}
|
|
if obj.HostNetwork {
|
|
defaultHostNetworkPorts(&obj.Containers)
|
|
}
|
|
if obj.SecurityContext == nil {
|
|
obj.SecurityContext = &PodSecurityContext{}
|
|
}
|
|
// Carry migration from serviceAccount to serviceAccountName
|
|
if len(obj.ServiceAccountName) == 0 && len(obj.DeprecatedServiceAccount) > 0 {
|
|
obj.ServiceAccountName = obj.DeprecatedServiceAccount
|
|
}
|
|
// Carry migration from host to nodeName
|
|
if len(obj.NodeName) == 0 && len(obj.DeprecatedHost) > 0 {
|
|
obj.NodeName = obj.DeprecatedHost
|
|
}
|
|
if obj.TerminationGracePeriodSeconds == nil {
|
|
period := int64(DefaultTerminationGracePeriodSeconds)
|
|
obj.TerminationGracePeriodSeconds = &period
|
|
}
|
|
}
|
|
func SetDefaults_Probe(obj *Probe) {
|
|
if obj.TimeoutSeconds == 0 {
|
|
obj.TimeoutSeconds = 1
|
|
}
|
|
if obj.PeriodSeconds == 0 {
|
|
obj.PeriodSeconds = 10
|
|
}
|
|
if obj.SuccessThreshold == 0 {
|
|
obj.SuccessThreshold = 1
|
|
}
|
|
if obj.FailureThreshold == 0 {
|
|
obj.FailureThreshold = 3
|
|
}
|
|
}
|
|
func SetDefaults_Secret(obj *Secret) {
|
|
if obj.Type == "" {
|
|
obj.Type = SecretTypeOpaque
|
|
}
|
|
}
|
|
func SetDefaults_PersistentVolume(obj *PersistentVolume) {
|
|
if obj.Status.Phase == "" {
|
|
obj.Status.Phase = VolumePending
|
|
}
|
|
if obj.Spec.PersistentVolumeReclaimPolicy == "" {
|
|
obj.Spec.PersistentVolumeReclaimPolicy = PersistentVolumeReclaimRetain
|
|
}
|
|
}
|
|
func SetDefaults_PersistentVolumeClaim(obj *PersistentVolumeClaim) {
|
|
if obj.Status.Phase == "" {
|
|
obj.Status.Phase = ClaimPending
|
|
}
|
|
}
|
|
func SetDefaults_ISCSIVolumeSource(obj *ISCSIVolumeSource) {
|
|
if obj.ISCSIInterface == "" {
|
|
obj.ISCSIInterface = "default"
|
|
}
|
|
}
|
|
func SetDefaults_Endpoints(obj *Endpoints) {
|
|
for i := range obj.Subsets {
|
|
ss := &obj.Subsets[i]
|
|
for i := range ss.Ports {
|
|
ep := &ss.Ports[i]
|
|
if ep.Protocol == "" {
|
|
ep.Protocol = ProtocolTCP
|
|
}
|
|
}
|
|
}
|
|
}
|
|
func SetDefaults_HTTPGetAction(obj *HTTPGetAction) {
|
|
if obj.Path == "" {
|
|
obj.Path = "/"
|
|
}
|
|
if obj.Scheme == "" {
|
|
obj.Scheme = URISchemeHTTP
|
|
}
|
|
}
|
|
func SetDefaults_NamespaceStatus(obj *NamespaceStatus) {
|
|
if obj.Phase == "" {
|
|
obj.Phase = NamespaceActive
|
|
}
|
|
}
|
|
func SetDefaults_Node(obj *Node) {
|
|
if obj.Spec.ExternalID == "" {
|
|
obj.Spec.ExternalID = obj.Name
|
|
}
|
|
}
|
|
func SetDefaults_NodeStatus(obj *NodeStatus) {
|
|
if obj.Allocatable == nil && obj.Capacity != nil {
|
|
obj.Allocatable = make(ResourceList, len(obj.Capacity))
|
|
for key, value := range obj.Capacity {
|
|
obj.Allocatable[key] = *(value.Copy())
|
|
}
|
|
obj.Allocatable = obj.Capacity
|
|
}
|
|
}
|
|
func SetDefaults_ObjectFieldSelector(obj *ObjectFieldSelector) {
|
|
if obj.APIVersion == "" {
|
|
obj.APIVersion = "v1"
|
|
}
|
|
}
|
|
func SetDefaults_LimitRangeItem(obj *LimitRangeItem) {
|
|
// for container limits, we apply default values
|
|
if obj.Type == LimitTypeContainer {
|
|
|
|
if obj.Default == nil {
|
|
obj.Default = make(ResourceList)
|
|
}
|
|
if obj.DefaultRequest == nil {
|
|
obj.DefaultRequest = make(ResourceList)
|
|
}
|
|
|
|
// If a default limit is unspecified, but the max is specified, default the limit to the max
|
|
for key, value := range obj.Max {
|
|
if _, exists := obj.Default[key]; !exists {
|
|
obj.Default[key] = *(value.Copy())
|
|
}
|
|
}
|
|
// If a default limit is specified, but the default request is not, default request to limit
|
|
for key, value := range obj.Default {
|
|
if _, exists := obj.DefaultRequest[key]; !exists {
|
|
obj.DefaultRequest[key] = *(value.Copy())
|
|
}
|
|
}
|
|
// If a default request is not specified, but the min is provided, default request to the min
|
|
for key, value := range obj.Min {
|
|
if _, exists := obj.DefaultRequest[key]; !exists {
|
|
obj.DefaultRequest[key] = *(value.Copy())
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
func SetDefaults_ConfigMap(obj *ConfigMap) {
|
|
if obj.Data == nil {
|
|
obj.Data = make(map[string]string)
|
|
}
|
|
}
|
|
|
|
// With host networking default all container ports to host ports.
|
|
func defaultHostNetworkPorts(containers *[]Container) {
|
|
for i := range *containers {
|
|
for j := range (*containers)[i].Ports {
|
|
if (*containers)[i].Ports[j].HostPort == 0 {
|
|
(*containers)[i].Ports[j].HostPort = (*containers)[i].Ports[j].ContainerPort
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
func SetDefaults_RBDVolumeSource(obj *RBDVolumeSource) {
|
|
if obj.RBDPool == "" {
|
|
obj.RBDPool = "rbd"
|
|
}
|
|
if obj.RadosUser == "" {
|
|
obj.RadosUser = "admin"
|
|
}
|
|
if obj.Keyring == "" {
|
|
obj.Keyring = "/etc/ceph/keyring"
|
|
}
|
|
}
|
|
|
|
// Default SCCs for new fields. FSGroup and SupplementalGroups are
|
|
// set to the RunAsAny strategy if they are unset on the scc.
|
|
func SetDefaults_SCC(scc *SecurityContextConstraints) {
|
|
if len(scc.FSGroup.Type) == 0 {
|
|
scc.FSGroup.Type = FSGroupStrategyRunAsAny
|
|
}
|
|
if len(scc.SupplementalGroups.Type) == 0 {
|
|
scc.SupplementalGroups.Type = SupplementalGroupsStrategyRunAsAny
|
|
}
|
|
|
|
// defaults the volume slice of the SCC.
|
|
// In order to support old clients the boolean fields will always take precedence.
|
|
defaultAllowedVolumes := fsTypeToStringSet(scc.Volumes)
|
|
|
|
// assume a nil volume slice is allowing everything for backwards compatibility
|
|
if defaultAllowedVolumes == nil {
|
|
defaultAllowedVolumes = sets.NewString(string(FSTypeAll))
|
|
}
|
|
|
|
if scc.AllowHostDirVolumePlugin {
|
|
// if already allowing all then there is no reason to add
|
|
if !defaultAllowedVolumes.Has(string(FSTypeAll)) {
|
|
defaultAllowedVolumes.Insert(string(FSTypeHostPath))
|
|
}
|
|
} else {
|
|
// we should only default all volumes if the SCC came in with FSTypeAll or we defaulted it
|
|
// otherwise we should only change the volumes slice to ensure that it does not conflict with
|
|
// the AllowHostDirVolumePlugin setting
|
|
shouldDefaultAllVolumes := defaultAllowedVolumes.Has(string(FSTypeAll))
|
|
|
|
// remove anything from volumes that conflicts with AllowHostDirVolumePlugin = false
|
|
defaultAllowedVolumes.Delete(string(FSTypeAll))
|
|
defaultAllowedVolumes.Delete(string(FSTypeHostPath))
|
|
|
|
if shouldDefaultAllVolumes {
|
|
allVolumes := sccutil.GetAllFSTypesExcept(string(FSTypeHostPath))
|
|
defaultAllowedVolumes.Insert(allVolumes.List()...)
|
|
}
|
|
}
|
|
|
|
scc.Volumes = StringSetToFSType(defaultAllowedVolumes)
|
|
}
|
|
|
|
func StringSetToFSType(set sets.String) []FSType {
|
|
if set == nil {
|
|
return nil
|
|
}
|
|
volumes := []FSType{}
|
|
for _, v := range set.List() {
|
|
volumes = append(volumes, FSType(v))
|
|
}
|
|
return volumes
|
|
}
|
|
|
|
func fsTypeToStringSet(volumes []FSType) sets.String {
|
|
if volumes == nil {
|
|
return nil
|
|
}
|
|
set := sets.NewString()
|
|
for _, v := range volumes {
|
|
set.Insert(string(v))
|
|
}
|
|
return set
|
|
}
|