本文整理匯總了Golang中github.com/openshift/origin/pkg/cmd/server/bootstrappolicy.GetBootstrapSecurityContextConstraints函數的典型用法代碼示例。如果您正苦於以下問題:Golang GetBootstrapSecurityContextConstraints函數的具體用法?Golang GetBootstrapSecurityContextConstraints怎麽用?Golang GetBootstrapSecurityContextConstraints使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。
在下文中一共展示了GetBootstrapSecurityContextConstraints函數的5個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Golang代碼示例。
示例1: ensureDefaultSecurityContextConstraints
func (c *MasterConfig) ensureDefaultSecurityContextConstraints() {
sccSupported, err := c.securityContextConstraintsSupported()
if err != nil {
glog.Errorf("Unable to determine if security context constraints are supported. Got error: %v", err)
return
}
if !sccSupported {
glog.Infof("Ignoring default security context constraints when running on external Kubernetes.")
return
}
ns := c.Options.PolicyConfig.OpenShiftInfrastructureNamespace
bootstrapSCCGroups, bootstrapSCCUsers := bootstrappolicy.GetBoostrapSCCAccess(ns)
for _, scc := range bootstrappolicy.GetBootstrapSecurityContextConstraints(bootstrapSCCGroups, bootstrapSCCUsers) {
_, err := c.KubeClient().SecurityContextConstraints().Create(&scc)
if kapierror.IsAlreadyExists(err) {
continue
}
if err != nil {
glog.Errorf("Unable to create default security context constraint %s. Got error: %v", scc.Name, err)
continue
}
glog.Infof("Created default security context constraint %s", scc.Name)
}
}
示例2: ensureDefaultSecurityContextConstraints
func (c *MasterConfig) ensureDefaultSecurityContextConstraints() {
sccList, err := c.KubeClient().SecurityContextConstraints().List(labels.Everything(), fields.Everything())
if err != nil {
glog.Errorf("Unable to initialize security context constraints: %v. This may prevent the creation of pods", err)
return
}
if len(sccList.Items) > 0 {
return
}
glog.Infof("No security context constraints detected, adding defaults")
// add the build user to the privileged SCC access
ns := c.Options.PolicyConfig.OpenShiftInfrastructureNamespace
buildControllerUsername := serviceaccount.MakeUsername(ns, c.BuildControllerServiceAccount)
bootstrapSCCGroups, bootstrapSCCUsers := bootstrappolicy.GetBoostrapSCCAccess()
bootstrapSCCUsers[bootstrappolicy.SecurityContextConstraintPrivileged] = append(bootstrapSCCUsers[bootstrappolicy.SecurityContextConstraintPrivileged], buildControllerUsername)
for _, scc := range bootstrappolicy.GetBootstrapSecurityContextConstraints(bootstrapSCCGroups, bootstrapSCCUsers) {
_, err = c.KubeClient().SecurityContextConstraints().Create(&scc)
if err != nil {
glog.Errorf("Unable to create default security context constraint %s. Got error: %v", scc.Name, err)
}
}
}
示例3: ChangedSCCs
// ChangedSCCs returns the SCCs that must be created and/or updated to match the
// recommended bootstrap SCCs.
func (o *ReconcileSCCOptions) ChangedSCCs() ([]*kapi.SecurityContextConstraints, error) {
changedSCCs := []*kapi.SecurityContextConstraints{}
groups, users := bootstrappolicy.GetBoostrapSCCAccess(o.InfraNamespace)
bootstrapSCCs := bootstrappolicy.GetBootstrapSecurityContextConstraints(groups, users)
for i := range bootstrapSCCs {
expectedSCC := &bootstrapSCCs[i]
actualSCC, err := o.SCCClient.Get(expectedSCC.Name)
// if not found it needs to be created
if kapierrors.IsNotFound(err) {
changedSCCs = append(changedSCCs, expectedSCC)
continue
}
if err != nil {
return nil, err
}
// if found then we need to diff to see if it needs updated
if updatedSCC, needsUpdating := o.computeUpdatedSCC(*expectedSCC, *actualSCC); needsUpdating {
changedSCCs = append(changedSCCs, updatedSCC)
}
}
return changedSCCs, nil
}
示例4: ensureDefaultSecurityContextConstraints
func (c *MasterConfig) ensureDefaultSecurityContextConstraints() {
ns := c.Options.PolicyConfig.OpenShiftInfrastructureNamespace
bootstrapSCCGroups, bootstrapSCCUsers := bootstrappolicy.GetBoostrapSCCAccess(ns)
for _, scc := range bootstrappolicy.GetBootstrapSecurityContextConstraints(bootstrapSCCGroups, bootstrapSCCUsers) {
_, err := c.KubeClient().SecurityContextConstraints().Create(&scc)
if kapierror.IsAlreadyExists(err) {
continue
}
if err != nil {
glog.Errorf("Unable to create default security context constraint %s. Got error: %v", scc.Name, err)
continue
}
glog.Infof("Created default security context constraint %s", scc.Name)
}
}
示例5: ensureDefaultSecurityContextConstraints
func (c *MasterConfig) ensureDefaultSecurityContextConstraints() {
sccList, err := c.KubeClient().SecurityContextConstraints().List(labels.Everything(), fields.Everything())
if err != nil {
glog.Errorf("Unable to initialize security context constraints: %v", err)
}
if len(sccList.Items) > 0 {
return
}
glog.Infof("No security context constraints detected, adding defaults")
ns := c.Options.PolicyConfig.OpenShiftInfrastructureNamespace
buildControllerUsername := serviceaccount.MakeUsername(ns, c.BuildControllerServiceAccount)
for _, scc := range bootstrappolicy.GetBootstrapSecurityContextConstraints(buildControllerUsername) {
_, err = c.KubeClient().SecurityContextConstraints().Create(&scc)
if err != nil {
glog.Errorf("Unable to create default security context constraint %s. Got error: %v", scc.Name, err)
}
}
}