Ejemplos de SecurityContext.RunAsUser en Golang

Lenguaje de programación: Golang

Namespace/Package Name: github.com/GoogleCloudPlatform/kubernetes/pkg/api

Clase / Tipo: SecurityContext

Método / Función: RunAsUser

Ejemplos en hotexamples.com: 2

Golang SecurityContext.RunAsUser - 2 ejemplos encontrados. Estos son los ejemplos en Golang del mundo real mejor valorados de github.com/GoogleCloudPlatform/kubernetes/pkg/api.SecurityContext.RunAsUser extraídos de proyectos de código abierto. Puedes valorar ejemplos para ayudarnos a mejorar la calidad de los ejemplos.

Métodos usados con frecuencia

Mostrar Ocultar

Privileged(2)

RunAsUser(2)

SELinuxOptions(2)

RunAsNonRoot(1)

Ejemplo n.º 1

Mostrar archivo

Archivo: provider.go Proyecto: brandon-adams/origin

// Create a SecurityContext based on the given constraints.  If a setting is already set on the
// container's security context then it will not be changed.  Validation should be used after
// the context is created to ensure it complies with the required restrictions.
//
// NOTE: this method works on a copy of the SC of the container.  It is up to the caller to apply
// the SC if validation passes.
func (s *simpleProvider) CreateSecurityContext(pod *api.Pod, container *api.Container) (*api.SecurityContext, error) {
	var sc *api.SecurityContext = nil
	if container.SecurityContext != nil {
		// work with a copy of the original
		copy := *container.SecurityContext
		sc = &copy
	} else {
		sc = &api.SecurityContext{}
	}
	if sc.RunAsUser == nil {
		uid, err := s.runAsUserStrategy.Generate(pod, container)
		if err != nil {
			return nil, err
		}
		sc.RunAsUser = uid
	}

	if sc.SELinuxOptions == nil {
		seLinux, err := s.seLinuxStrategy.Generate(pod, container)
		if err != nil {
			return nil, err
		}
		sc.SELinuxOptions = seLinux
	}

	if sc.Privileged == nil {
		priv := false
		sc.Privileged = &priv
	}

	// No need to touch capabilities, they will validate or not.
	return sc, nil
}

Ejemplo n.º 2

Mostrar archivo

Archivo: provider.go Proyecto: klpauba/origin

// Create a SecurityContext based on the given constraints.  If a setting is already set on the
// container's security context then it will not be changed.  Validation should be used after
// the context is created to ensure it complies with the required restrictions.
//
// NOTE: this method works on a copy of the SC of the container.  It is up to the caller to apply
// the SC if validation passes.
func (s *simpleProvider) CreateSecurityContext(pod *api.Pod, container *api.Container) (*api.SecurityContext, error) {
	var sc *api.SecurityContext = nil
	if container.SecurityContext != nil {
		// work with a copy of the original
		copy := *container.SecurityContext
		sc = &copy
	} else {
		sc = &api.SecurityContext{}
	}
	if sc.RunAsUser == nil {
		uid, err := s.runAsUserStrategy.Generate(pod, container)
		if err != nil {
			return nil, err
		}
		sc.RunAsUser = uid
	}

	if sc.SELinuxOptions == nil {
		seLinux, err := s.seLinuxStrategy.Generate(pod, container)
		if err != nil {
			return nil, err
		}
		sc.SELinuxOptions = seLinux
	}

	if sc.Privileged == nil {
		priv := false
		sc.Privileged = &priv
	}

	// if we're using the non-root strategy set the marker that this container should not be
	// run as root which will signal to the kubelet to do a final check either on the runAsUser
	// or, if runAsUser is not set, the image
	if s.scc.RunAsUser.Type == api.RunAsUserStrategyMustRunAsNonRoot {
		sc.RunAsNonRoot = true
	}

	// No need to touch capabilities, they will validate or not.
	return sc, nil
}