當前位置: 首頁>>代碼示例>>Golang>>正文


Golang api.SecurityContext類代碼示例

本文整理匯總了Golang中k8s/io/kubernetes/pkg/api.SecurityContext的典型用法代碼示例。如果您正苦於以下問題:Golang SecurityContext類的具體用法?Golang SecurityContext怎麽用?Golang SecurityContext使用的例子?那麽, 這裏精選的類代碼示例或許可以為您提供幫助。


在下文中一共展示了SecurityContext類的4個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Golang代碼示例。

示例1: deepCopy_api_SecurityContext

func deepCopy_api_SecurityContext(in api.SecurityContext, out *api.SecurityContext, c *conversion.Cloner) error {
	if in.Capabilities != nil {
		out.Capabilities = new(api.Capabilities)
		if err := deepCopy_api_Capabilities(*in.Capabilities, out.Capabilities, c); err != nil {
			return err
		}
	} else {
		out.Capabilities = nil
	}
	if in.Privileged != nil {
		out.Privileged = new(bool)
		*out.Privileged = *in.Privileged
	} else {
		out.Privileged = nil
	}
	if in.SELinuxOptions != nil {
		out.SELinuxOptions = new(api.SELinuxOptions)
		if err := deepCopy_api_SELinuxOptions(*in.SELinuxOptions, out.SELinuxOptions, c); err != nil {
			return err
		}
	} else {
		out.SELinuxOptions = nil
	}
	if in.RunAsUser != nil {
		out.RunAsUser = new(int64)
		*out.RunAsUser = *in.RunAsUser
	} else {
		out.RunAsUser = nil
	}
	out.RunAsNonRoot = in.RunAsNonRoot
	return nil
}
開發者ID:josafat,項目名稱:contrib,代碼行數:32,代碼來源:deep_copy_generated.go

示例2: CreateContainerSecurityContext

// Create a SecurityContext based on the given constraints.  If a setting is already set on the
// container's security context then it will not be changed.  Validation should be used after
// the context is created to ensure it complies with the required restrictions.
//
// NOTE: this method works on a copy of the SC of the container.  It is up to the caller to apply
// the SC if validation passes.
func (s *simpleProvider) CreateContainerSecurityContext(pod *api.Pod, container *api.Container) (*api.SecurityContext, map[string]string, error) {
	var sc *api.SecurityContext = nil
	if container.SecurityContext != nil {
		// work with a copy of the original
		copy := *container.SecurityContext
		sc = &copy
	} else {
		sc = &api.SecurityContext{}
	}
	annotations := maps.CopySS(pod.Annotations)

	if sc.RunAsUser == nil {
		uid, err := s.strategies.RunAsUserStrategy.Generate(pod, container)
		if err != nil {
			return nil, nil, err
		}
		sc.RunAsUser = uid
	}

	if sc.SELinuxOptions == nil {
		seLinux, err := s.strategies.SELinuxStrategy.Generate(pod, container)
		if err != nil {
			return nil, nil, err
		}
		sc.SELinuxOptions = seLinux
	}

	annotations, err := s.strategies.AppArmorStrategy.Generate(annotations, container)
	if err != nil {
		return nil, nil, err
	}

	if sc.Privileged == nil {
		priv := false
		sc.Privileged = &priv
	}

	// if we're using the non-root strategy set the marker that this container should not be
	// run as root which will signal to the kubelet to do a final check either on the runAsUser
	// or, if runAsUser is not set, the image UID will be checked.
	if s.psp.Spec.RunAsUser.Rule == extensions.RunAsUserStrategyMustRunAsNonRoot {
		nonRoot := true
		sc.RunAsNonRoot = &nonRoot
	}

	caps, err := s.strategies.CapabilitiesStrategy.Generate(pod, container)
	if err != nil {
		return nil, nil, err
	}
	sc.Capabilities = caps

	// if the PSP requires a read only root filesystem and the container has not made a specific
	// request then default ReadOnlyRootFilesystem to true.
	if s.psp.Spec.ReadOnlyRootFilesystem && sc.ReadOnlyRootFilesystem == nil {
		readOnlyRootFS := true
		sc.ReadOnlyRootFilesystem = &readOnlyRootFS
	}

	return sc, annotations, nil
}
開發者ID:kubernetes,項目名稱:kubernetes,代碼行數:66,代碼來源:provider.go

示例3: CreateContainerSecurityContext

// Create a SecurityContext based on the given constraints.  If a setting is already set on the
// container's security context then it will not be changed.  Validation should be used after
// the context is created to ensure it complies with the required restrictions.
//
// NOTE: this method works on a copy of the SC of the container.  It is up to the caller to apply
// the SC if validation passes.
func (s *simpleProvider) CreateContainerSecurityContext(pod *api.Pod, container *api.Container) (*api.SecurityContext, error) {
	var sc *api.SecurityContext = nil
	if container.SecurityContext != nil {
		// work with a copy of the original
		copy := *container.SecurityContext
		sc = &copy
	} else {
		sc = &api.SecurityContext{}
	}
	if sc.RunAsUser == nil {
		uid, err := s.runAsUserStrategy.Generate(pod, container)
		if err != nil {
			return nil, err
		}
		sc.RunAsUser = uid
	}

	if sc.SELinuxOptions == nil {
		seLinux, err := s.seLinuxStrategy.Generate(pod, container)
		if err != nil {
			return nil, err
		}
		sc.SELinuxOptions = seLinux
	}

	if sc.Privileged == nil {
		priv := false
		sc.Privileged = &priv
	}

	// if we're using the non-root strategy set the marker that this container should not be
	// run as root which will signal to the kubelet to do a final check either on the runAsUser
	// or, if runAsUser is not set, the image
	if s.scc.RunAsUser.Type == api.RunAsUserStrategyMustRunAsNonRoot {
		b := true
		sc.RunAsNonRoot = &b
	}

	// No need to touch capabilities, they will validate or not.
	return sc, nil
}
開發者ID:johnmccawley,項目名稱:origin,代碼行數:47,代碼來源:provider.go

示例4:

				env.Value = "tiesheng"
				envs = append(envs, env)

				env.Name = "PASSWORD"
				env.Value = "opensource"
				envs = append(envs, env)

				env.Name = "EMAIL"
				env.Value = "[email protected]"
				envs = append(envs, env)

				env.Name = "GIT_REPO"
				env.Value = "https://github.com/docker-library/hello-world.git"
				envs = append(envs, env)

				var sc api.SecurityContext
				pri := true
				sc.Privileged = &pri
				terminateCase = ConformanceContainer{
					Container: api.Container{
						Image:           "tiesheng/builder",
						Name:            "builder",
						Env:             envs,
						SecurityContext: &sc,
						Args:            []string{"tiesheng/20160315-ok"},
						ImagePullPolicy: api.PullNever,
					},
					Client:   cl,
					Phase:    api.PodSucceeded,
					NodeName: *nodeName,
				}
開發者ID:liangchenye,項目名稱:go-hack,代碼行數:31,代碼來源:build_test.go


注:本文中的k8s/io/kubernetes/pkg/api.SecurityContext類示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。