Add securityContext field to overwriteContainers
yamatcha committed Jan 30, 2025
1 parent 0252543 commit 8723f6a
Showing 9 changed files with 313 additions and 11 deletions.
23 changes: 23 additions & 0 deletions api/v1beta2/mysqlcluster_types.go
@@ -455,6 +455,8 @@ const (
)

// OverwriteContainer defines the container spec used for overwriting.
// For more information, please read the following documentation.
// https://cybozu-go.github.io/moco/customize-system-container.html
type OverwriteContainer struct {
// Name of the container to overwrite.
// +kubebuilder:validation:Required
@@ -463,6 +465,10 @@ type OverwriteContainer struct {
// Resources is the container resource to be overwritten.
// +optional
Resources *ResourceRequirementsApplyConfiguration `json:"resources,omitempty"`

// SecurityContext is the container SecurityContext to be overwritten.
// +optional
SecurityContext *SecurityContextApplyConfiguration `json:"securityContext,omitempty"`
}

// ResourceRequirementsApplyConfiguration is the type defined to implement the DeepCopy method.
@@ -482,6 +488,23 @@ func (in *ResourceRequirementsApplyConfiguration) DeepCopy() *ResourceRequiremen
return out
}

// SecurityContextApplyConfiguration is the type defined to implement the DeepCopy method.
type SecurityContextApplyConfiguration corev1ac.SecurityContextApplyConfiguration

// DeepCopy is copying the receiver, creating a new OverwriteContainer.
func (in *SecurityContextApplyConfiguration) DeepCopy() *SecurityContextApplyConfiguration {
out := new(SecurityContextApplyConfiguration)
bytes, err := json.Marshal(in)
if err != nil {
panic("Failed to marshal")
}
err = json.Unmarshal(bytes, out)
if err != nil {
panic("Failed to unmarshal")
}
return out
}

// PersistentVolumeClaimSpecApplyConfiguration is the type defined to implement the DeepCopy method.
type PersistentVolumeClaimSpecApplyConfiguration corev1ac.PersistentVolumeClaimSpecApplyConfiguration

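Review bot: The comment on the new `DeepCopy` still says it creates "a new OverwriteContainer"; it should name the actual type, e.g. `// DeepCopy returns a deep copy of the receiver as a new SecurityContextApplyConfiguration.`. The method has no nil guard: for a nil receiver `json.Marshal` yields `null`, `json.Unmarshal` leaves `out` untouched, and the caller gets a non-nil empty value, so an absent security context can turn into an explicitly empty one; `if in == nil { return nil }` as the first statement avoids that. Both `panic` calls discard `err`, and `panic(err)` would keep the cause in the crash output. The method appears to mirror the `ResourceRequirementsApplyConfiguration` one, whose body lies outside the visible hunks, so the same may apply there.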
10 changes: 10 additions & 0 deletions api/v1beta2/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

75 changes: 75 additions & 0 deletions charts/moco/templates/generated/crds/moco_crds.yaml
@@ -2342,6 +2342,81 @@ spec:
description: ResourceList is a set of (resource name,...
type: object
type: object
securityContext:
description: SecurityContext is the container SecurityContext...
properties:
allowPrivilegeEscalation:
type: boolean
appArmorProfile:
description: AppArmorProfileApplyConfiguration represents a...
properties:
localhostProfile:
type: string
type:
type: string
type: object
capabilities:
description: CapabilitiesApplyConfiguration represents a...
properties:
add:
items:
description: Capability represent POSIX capabilities type
type: string
type: array
drop:
items:
description: Capability represent POSIX capabilities type
type: string
type: array
type: object
privileged:
type: boolean
procMount:
type: string
readOnlyRootFilesystem:
type: boolean
runAsGroup:
format: int64
type: integer
runAsNonRoot:
type: boolean
runAsUser:
format: int64
type: integer
seLinuxOptions:
description: SELinuxOptionsApplyConfiguration represents a...
properties:
level:
type: string
role:
type: string
type:
type: string
user:
type: string
type: object
seccompProfile:
description: SeccompProfileApplyConfiguration represents a...
properties:
localhostProfile:
type: string
type:
description: SeccompProfileType defines the supported seccomp...
type: string
type: object
windowsOptions:
description: WindowsSecurityContextOptionsApplyConfiguration...
properties:
gmsaCredentialSpec:
type: string
gmsaCredentialSpecName:
type: string
hostProcess:
type: boolean
runAsUserName:
type: string
type: object
type: object
required:
- name
type: object
82 changes: 82 additions & 0 deletions config/crd/bases/moco.cybozu.com_mysqlclusters.yaml
@@ -160,6 +160,88 @@ spec:
description: ResourceList is a set of (resource name,...
type: object
type: object
securityContext:
description: SecurityContext is the container SecurityContext...
properties:
allowPrivilegeEscalation:
type: boolean
appArmorProfile:
description: AppArmorProfileApplyConfiguration represents
a...
properties:
localhostProfile:
type: string
type:
type: string
type: object
capabilities:
description: CapabilitiesApplyConfiguration represents
a...
properties:
add:
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
drop:
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
type: object
privileged:
type: boolean
procMount:
type: string
readOnlyRootFilesystem:
type: boolean
runAsGroup:
format: int64
type: integer
runAsNonRoot:
type: boolean
runAsUser:
format: int64
type: integer
seLinuxOptions:
description: SELinuxOptionsApplyConfiguration represents
a...
properties:
level:
type: string
role:
type: string
type:
type: string
user:
type: string
type: object
seccompProfile:
description: SeccompProfileApplyConfiguration represents
a...
properties:
localhostProfile:
type: string
type:
description: SeccompProfileType defines the supported
seccomp...
type: string
type: object
windowsOptions:
description: WindowsSecurityContextOptionsApplyConfiguration...
properties:
gmsaCredentialSpec:
type: string
gmsaCredentialSpecName:
type: string
hostProcess:
type: boolean
runAsUserName:
type: string
type: object
type: object
required:
- name
type: object
@@ -160,6 +160,88 @@ spec:
description: ResourceList is a set of (resource name,...
type: object
type: object
securityContext:
description: SecurityContext is the container SecurityContext...
properties:
allowPrivilegeEscalation:
type: boolean
appArmorProfile:
description: AppArmorProfileApplyConfiguration represents
a...
properties:
localhostProfile:
type: string
type:
type: string
type: object
capabilities:
description: CapabilitiesApplyConfiguration represents
a...
properties:
add:
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
drop:
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
type: object
privileged:
type: boolean
procMount:
type: string
readOnlyRootFilesystem:
type: boolean
runAsGroup:
format: int64
type: integer
runAsNonRoot:
type: boolean
runAsUser:
format: int64
type: integer
seLinuxOptions:
description: SELinuxOptionsApplyConfiguration represents
a...
properties:
level:
type: string
role:
type: string
type:
type: string
user:
type: string
type: object
seccompProfile:
description: SeccompProfileApplyConfiguration represents
a...
properties:
localhostProfile:
type: string
type:
description: SeccompProfileType defines the supported
seccomp...
type: string
type: object
windowsOptions:
description: WindowsSecurityContextOptionsApplyConfiguration...
properties:
gmsaCredentialSpec:
type: string
gmsaCredentialSpecName:
type: string
hostProcess:
type: boolean
runAsUserName:
type: string
type: object
type: object
required:
- name
type: object
3 changes: 3 additions & 0 deletions controllers/mysql_container.go
@@ -451,6 +451,9 @@ func updateContainerWithOverwriteContainers(cluster *mocov1beta2.MySQLCluster, c
if overwrite.Resources != nil {
container.WithResources((*corev1ac.ResourceRequirementsApplyConfiguration)(overwrite.Resources))
}
if overwrite.SecurityContext != nil {
container.WithSecurityContext((*corev1ac.SecurityContextApplyConfiguration)(overwrite.SecurityContext))
}
}
}
}
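Review bot: The new branch hands `overwrite.SecurityContext` to `container.WithSecurityContext` unfiltered, so every field the CRD now accepts (`privileged`, `allowPrivilegeEscalation`, `capabilities.add`, `procMount`, `windowsOptions.hostProcess`) reaches the generated container as written. `WithSecurityContext` sets the whole field rather than merging, so any securityContext the operator had already put on that container (not visible in this hunk) would be replaced, hardening defaults included. Because the operator, not the author of the MySQLCluster, creates the pods, the practical limit is whatever Pod Security admission or policy engine enforces on the target namespace; I would say so next to the call, e.g. `// Applied verbatim and replaces any existing securityContext; namespace pod-security policy is the only limit.`, and consider rejecting `privileged: true` in validation if the project has an admission webhook for this type. `updateContainerWithOverwriteContainers` begins above the hunk.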