diff --git a/Godeps/Godeps.json b/Godeps/Godeps.json
index 48a16ab4..29ed54e5 100644
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@@ -756,7 +756,7 @@
 },
 {
 "ImportPath": "k8s.io/apimachinery",
- "Rev": "1a0ee4aea6d1"
+ "Rev": "96f75771c510"
 },
 {
 "ImportPath": "k8s.io/cli-runtime",
diff --git a/go.mod b/go.mod
index cf0db5ce..4f12a1d4 100644
--- a/go.mod
+++ b/go.mod
@@ -35,7 +35,7 @@ require (
 golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f
 gopkg.in/yaml.v2 v2.2.8
 k8s.io/api v0.0.0-20200616091053-96dd8b8608bc
- k8s.io/apimachinery v0.0.0-20200616090325-1a0ee4aea6d1
+ k8s.io/apimachinery v0.0.0-20200616090325-96f75771c510
 k8s.io/cli-runtime v0.0.0-20200616102832-a8624640395d
 k8s.io/client-go v0.0.0-20200616091859-0adb702ae49b
 k8s.io/component-base v0.0.0-20200616093421-8d48f868cdb4
@@ -52,7 +52,7 @@ replace (
 golang.org/x/sys => golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a // pinned to release-branch.go1.13
 golang.org/x/tools => golang.org/x/tools v0.0.0-20190821162956-65e3620a7ae7 // pinned to release-branch.go1.13
 k8s.io/api => k8s.io/api v0.0.0-20200616091053-96dd8b8608bc
- k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20200616090325-1a0ee4aea6d1
+ k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20200616090325-96f75771c510
 k8s.io/cli-runtime => k8s.io/cli-runtime v0.0.0-20200616102832-a8624640395d
 k8s.io/client-go => k8s.io/client-go v0.0.0-20200616091859-0adb702ae49b
 k8s.io/code-generator => k8s.io/code-generator v0.0.0-20200616085743-b88f4eb8c2e2
diff --git a/go.sum b/go.sum
index ab10c1c5..f6e0c061 100644
--- a/go.sum
+++ b/go.sum
@@ -443,7 +443,7 @@ honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 k8s.io/api v0.0.0-20200616091053-96dd8b8608bc/go.mod h1:zfjW4fcGaY49eODR10Bw016NHJLk9kfHjL/GnXGO0Hc=
-k8s.io/apimachinery v0.0.0-20200616090325-1a0ee4aea6d1/go.mod h1:diAekxQB6O2LunkgrS6bHwK4dfE2K8KIxK3GeFjrgBU=
+k8s.io/apimachinery v0.0.0-20200616090325-96f75771c510/go.mod h1:diAekxQB6O2LunkgrS6bHwK4dfE2K8KIxK3GeFjrgBU=
 k8s.io/cli-runtime v0.0.0-20200616102832-a8624640395d/go.mod h1:ZfYIPoi+1QDWCMDoOFJIu3ESYVhS0nD7T/N9fbw0MmE=
 k8s.io/client-go v0.0.0-20200616091859-0adb702ae49b/go.mod h1:d4bV9T69HeWSChjkEGgay7Kij96MXt/fQSai8QT22qI=
 k8s.io/code-generator v0.0.0-20200616085743-b88f4eb8c2e2/go.mod h1:6NiFnMML+4VaG+kHKew+dc+SBC3Q+5NTNQIHdJJbG3w=
diff --git a/pkg/cmd/run/run.go b/pkg/cmd/run/run.go
index 3c7252e2..26aaffe0 100644
--- a/pkg/cmd/run/run.go
+++ b/pkg/cmd/run/run.go
@@ -120,6 +120,7 @@ type RunOptions struct {
 Interactive bool
 LeaveStdinOpen bool
 Port string
+ Privileged bool
 Quiet bool
 Schedule string
 TTY bool
@@ -202,6 +203,7 @@ func addRunFlags(cmd *cobra.Command, opt *RunOptions) {
 cmd.Flags().BoolVar(&opt.Quiet, "quiet", opt.Quiet, "If true, suppress prompt messages.")
 cmd.Flags().StringVar(&opt.Schedule, "schedule", opt.Schedule, i18n.T("A schedule in the Cron format the job should be run with."))
 cmd.Flags().MarkDeprecated("schedule", "has no effect and will be removed in the future.")
+ cmd.Flags().BoolVar(&opt.Privileged, "privileged", opt.Privileged, i18n.T("If true, run the container in privileged mode."))
 cmdutil.AddFieldManagerFlagVar(cmd, &opt.fieldManager, "kubectl-run")
 }
diff --git a/pkg/generate/versioned/run.go b/pkg/generate/versioned/run.go
index 4f70a9d4..6eade8d9 100644
--- a/pkg/generate/versioned/run.go
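Review bot: The help text of the new `--privileged` flag in addRunFlags does not say what privileged mode grants, although this is the one flag in the list that switches off container isolation. A privileged container runs with all capabilities and access to host devices, so the string should say so and note that cluster policy may refuse the pod, e.g. `i18n.T("If true, run the container in privileged mode (all capabilities and host device access; may be rejected by admission policy).")`. The registration also sits after the deprecated `schedule` pair rather than beside `--quiet`, where the `Privileged` field was placed in RunOptions. Nothing in these two hunks reads `opt.Privileged`, so the path from the flag to the generator's `privileged` param presumably lies outside the diff and is worth confirming.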
+++ b/pkg/generate/versioned/run.go
@@ -229,6 +229,7 @@ func (BasicPod) ParamNames() []generate.GeneratorParam {
 {Name: "requests", Required: false},
 {Name: "limits", Required: false},
 {Name: "serviceaccount", Required: false},
+ {Name: "privileged", Required: false},
 }
 }
@@ -281,6 +282,18 @@ func (BasicPod) Generate(genericParams map[string]interface{}) (runtime.Object,
 if len(restartPolicy) == 0 {
 restartPolicy = v1.RestartPolicyAlways
 }
+
+ privileged, err := generate.GetBool(params, "privileged", false)
+ if err != nil {
+ return nil, err
+ }
+ var securityContext *v1.SecurityContext
+ if privileged {
+ securityContext = &v1.SecurityContext{
+ Privileged: &privileged,
+ }
+ }
+
 pod := v1.Pod{
 ObjectMeta: metav1.ObjectMeta{
 Name: name,
@@ -290,12 +303,13 @@ func (BasicPod) Generate(genericParams map[string]interface{}) (runtime.Object,
 ServiceAccountName: params["serviceaccount"],
 Containers: []v1.Container{
 {
- Name: name,
- Image: params["image"],
- Stdin: stdin,
- StdinOnce: !leaveStdinOpen && stdin,
- TTY: tty,
- Resources: resourceRequirements,
+ Name: name,
+ Image: params["image"],
+ Stdin: stdin,
+ StdinOnce: !leaveStdinOpen && stdin,
+ TTY: tty,
+ Resources: resourceRequirements,
+ SecurityContext: securityContext,
 },
 },
 DNSPolicy: v1.DNSClusterFirst,
diff --git a/pkg/generate/versioned/run_test.go b/pkg/generate/versioned/run_test.go
index 79cc4e46..081e7bb5 100644
--- a/pkg/generate/versioned/run_test.go
+++ b/pkg/generate/versioned/run_test.go
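Review bot: The privileged block added to BasicPod.Generate carries no comment, and the decision to leave `securityContext` nil unless the param parses to true is the security-relevant part of it. I would put `// Leave SecurityContext nil unless privileged was requested, so pods generated without the flag are unchanged; a privileged container is not isolated from the node.` above `var securityContext *v1.SecurityContext`. The same nil pointer is what the later hunk assigns to `SecurityContext:` in the container literal, so the comment covers both places. Generate starts and ends outside these hunks.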
@@ -254,6 +254,32 @@ func TestGeneratePod(t *testing.T) {
 },
 },
 },
+ {
+ name: "test10: privileged mode",
+ params: map[string]interface{}{
+ "name": "foo",
+ "image": "someimage",
+ "replicas": "1",
+ "privileged": "true",
+ },
+ expected: &v1.Pod{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "foo",
+ Labels: map[string]string{"run": "foo"},
+ },
+ Spec: v1.PodSpec{
+ Containers: []v1.Container{
+ {
+ Name: "foo",
+ Image: "someimage",
+ SecurityContext: securityContextWithPrivilege(true),
+ },
+ },
+ DNSPolicy: v1.DNSClusterFirst,
+ RestartPolicy: v1.RestartPolicyAlways,
+ },
+ },
+ },
 }
 generator := BasicPod{}
 for _, tt := range tests {
@@ -358,3 +384,9 @@ func TestParseEnv(t *testing.T) {
 })
 }
 }
+
+func securityContextWithPrivilege(privileged bool) *v1.SecurityContext {
+ return &v1.SecurityContext{
+ Privileged: &privileged,
+ }
+}
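Review bot: The new table entry in TestGeneratePod covers only `"privileged": "true"`, so nothing pins that an explicit `"false"` leaves the container's SecurityContext nil. That is the case that guards against a later change attaching a security context, or a privileged one, by default, and a companion entry along the lines below would cover it. A value that does not parse as a bool should also be checked for an error return if the table supports error cases, which cannot be seen from this hunk. The test function starts and ends outside the hunk.

```go
		// … unchanged: "test10: privileged mode" entry …
		{
			name: "test11: privileged explicitly false",
			params: map[string]interface{}{
				"name":       "foo",
				"image":      "someimage",
				"replicas":   "1",
				"privileged": "false",
			},
			expected: &v1.Pod{
				ObjectMeta: metav1.ObjectMeta{
					Name:   "foo",
					Labels: map[string]string{"run": "foo"},
				},
				Spec: v1.PodSpec{
					Containers: []v1.Container{
						{
							Name:  "foo",
							Image: "someimage",
							// SecurityContext must stay nil when privileged is false.
						},
					},
					DNSPolicy:     v1.DNSClusterFirst,
					RestartPolicy: v1.RestartPolicyAlways,
				},
			},
		},
```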