本文整理汇总了Golang中k8s/io/kubernetes/pkg/client.Client.SecurityContextConstraints方法的典型用法代码示例。如果您正苦于以下问题:Golang Client.SecurityContextConstraints方法的具体用法?Golang Client.SecurityContextConstraints怎么用?Golang Client.SecurityContextConstraints使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类k8s/io/kubernetes/pkg/client.Client
的用法示例。
在下文中一共展示了Client.SecurityContextConstraints方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: validateSecurityContextConstraints
func validateSecurityContextConstraints(c *k8sclient.Client, f *cmdutil.Factory) (Result, error) {
ns, _, err := f.DefaultNamespace()
if err != nil {
return Failure, err
}
rc, err := c.SecurityContextConstraints().Get("fabric8")
if err != nil {
util.Fatalf("Failed to get SecurityContextConstraints, %s in namespace %s\n", err, ns)
}
if rc != nil {
return Success, err
}
return Failure, err
}
示例2: validateServiceAccount
func validateServiceAccount(kClient *kclient.Client, ns string, sa string) error {
// get cluster sccs
sccList, err := kClient.SecurityContextConstraints().List(labels.Everything(), fields.Everything())
if err != nil {
return fmt.Errorf("unable to validate service account %v", err)
}
// get set of sccs applicable to the service account
userInfo := serviceaccount.UserInfo(ns, sa, "")
for _, scc := range sccList.Items {
if admission.ConstraintAppliesTo(&scc, userInfo) {
if scc.AllowHostPorts {
return nil
}
}
}
return fmt.Errorf("unable to validate service account, host ports are forbidden")
}
示例3: verifyRestrictedSecurityContextConstraints
// Ensure that the `restricted` SecurityContextConstraints has the RunAsUser set to RunAsAny
//
// if `restricted does not exist lets create it
// otherwise if needed lets modify the RunAsUser
func verifyRestrictedSecurityContextConstraints(c *k8sclient.Client, f *cmdutil.Factory) (Result, error) {
name := RestrictedSCC
ns, _, e := f.DefaultNamespace()
if e != nil {
util.Fatal("No default namespace")
return Failure, e
}
rc, err := c.SecurityContextConstraints().Get(name)
if err != nil {
scc := kapi.SecurityContextConstraints{
ObjectMeta: kapi.ObjectMeta{
Name: RestrictedSCC,
},
SELinuxContext: kapi.SELinuxContextStrategyOptions{
Type: kapi.SELinuxStrategyMustRunAs,
},
RunAsUser: kapi.RunAsUserStrategyOptions{
Type: kapi.RunAsUserStrategyRunAsAny,
},
Groups: []string{bootstrappolicy.AuthenticatedGroup},
}
_, err = c.SecurityContextConstraints().Create(&scc)
if err != nil {
return Failure, err
} else {
util.Infof("SecurityContextConstraints %s created\n", name)
return Success, err
}
}
// lets check that the restricted is configured correctly
if kapi.RunAsUserStrategyRunAsAny != rc.RunAsUser.Type {
rc.RunAsUser.Type = kapi.RunAsUserStrategyRunAsAny
_, err = c.SecurityContextConstraints().Update(rc)
if err != nil {
util.Fatalf("Failed to update SecurityContextConstraints %v in namespace %s: %v\n", rc, ns, err)
return Failure, err
}
util.Infof("SecurityContextConstraints %s is updated to enable fabric8\n", name)
} else {
util.Infof("SecurityContextConstraints %s is configured correctly\n", name)
}
return Success, err
}
示例4: deployFabric8SecurityContextConstraints
func deployFabric8SecurityContextConstraints(c *k8sclient.Client, f *cmdutil.Factory) (Result, error) {
name := Fabric8SCC
scc := kapi.SecurityContextConstraints{
ObjectMeta: kapi.ObjectMeta{
Name: name,
},
AllowPrivilegedContainer: true,
AllowHostNetwork: true,
AllowHostPorts: true,
AllowHostDirVolumePlugin: true,
SELinuxContext: kapi.SELinuxContextStrategyOptions{
Type: kapi.SELinuxStrategyRunAsAny,
},
RunAsUser: kapi.RunAsUserStrategyOptions{
Type: kapi.RunAsUserStrategyRunAsAny,
},
Users: []string{"system:serviceaccount:openshift-infra:build-controller", "system:serviceaccount:default:default", "system:serviceaccount:default:fabric8", "system:serviceaccount:default:gerrit", "system:serviceaccount:default:jenkins", "system:serviceaccount:default:router"},
Groups: []string{bootstrappolicy.ClusterAdminGroup, bootstrappolicy.NodesGroup},
}
ns, _, err := f.DefaultNamespace()
if err != nil {
util.Fatal("No default namespace")
return Failure, err
}
_, err = c.SecurityContextConstraints().Get(name)
if err == nil {
err = c.SecurityContextConstraints().Delete(name)
if err != nil {
return Failure, err
}
}
_, err = c.SecurityContextConstraints().Create(&scc)
if err != nil {
util.Fatalf("Cannot create SecurityContextConstraints: %v\n", err)
util.Fatalf("Failed to create SecurityContextConstraints %v in namespace %s: %v\n", scc, ns, err)
return Failure, err
}
util.Infof("SecurityContextConstraints %s is setup correctly\n", name)
return Success, err
}