Externalise podSecurityContext.runAsUser and

Akram Ben Aissi 2019-06-26 07:28:30 -04:00
parent 9285e294dd
commit f17a4c5dce
3 changed files with 17 additions and 11 deletions


@ -4,9 +4,14 @@ metadata:
name: example name: example
spec: spec:
master: master:
securityContext:
runAsUser: 1001
containers: containers:
- name: jenkins-master - name: jenkins-master
image: jenkins/jenkins:lts image: jenkins/jenkins:lts
command:
- bash
- "/var/jenkins/scripts/init.sh"
imagePullPolicy: Always imagePullPolicy: Always
livenessProbe: livenessProbe:
failureThreshold: 12 failureThreshold: 12
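Review bot: The example sets only `runAsUser: 1001` under `securityContext`, while the pod-level context the operator used to build itself (removed in the pod builder section of this commit) set both `RunAsUser` and `RunAsGroup`. Users who copy this manifest would presumably end up with the image's default group rather than a pinned one, and nothing in the example states that the process must not run as root. I would add `runAsGroup: 1001` and `runAsNonRoot: true` next to `runAsUser`, assuming 1001 is also the intended group for this image.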


@ -155,6 +155,14 @@ type JenkinsMaster struct {
// +optional // +optional
NodeSelector map[string]string `json:"nodeSelector,omitempty"` NodeSelector map[string]string `json:"nodeSelector,omitempty"`
// SecurityContext that applies to all the containers of the Jenkins
// Master. As per kubernetes specification, it can be overidden
// for each container individually.
// +optional
// Defaults to: nil
SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"`
// List of containers belonging to the pod. // List of containers belonging to the pod.
// Containers cannot currently be added or removed. // Containers cannot currently be added or removed.
// There must be at least one container in a Pod. // There must be at least one container in a Pod.
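Review bot: The doc comment on `SecurityContext` says `Defaults to: nil` without saying what nil means for the resulting pod. The pod builder in this commit passes the field through unchanged, so nil means no pod-level security context at all, and the containers run as whatever user their image defines. I would state that in the comment, e.g. `// When nil, no pod-level security context is set and containers run as the user defined by their image.`, and correct the spelling `overidden` to `overridden`. The `JenkinsMaster` struct starts and ends outside this hunk.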


@ -202,12 +202,9 @@ func NewJenkinsMasterContainer(jenkins *v1alpha2.Jenkins) corev1.Container {
Name: JenkinsMasterContainerName, Name: JenkinsMasterContainerName,
Image: jenkinsContainer.Image, Image: jenkinsContainer.Image,
ImagePullPolicy: jenkinsContainer.ImagePullPolicy, ImagePullPolicy: jenkinsContainer.ImagePullPolicy,
/*Command: []string{ Command: jenkinsContainer.Command,
"bash", LivenessProbe: jenkinsContainer.LivenessProbe,
fmt.Sprintf("%s/%s", jenkinsScriptsVolumePath, initScriptName), ReadinessProbe: jenkinsContainer.ReadinessProbe,
},*/
LivenessProbe: jenkinsContainer.LivenessProbe,
ReadinessProbe: jenkinsContainer.ReadinessProbe,
Ports: []corev1.ContainerPort{ Ports: []corev1.ContainerPort{
{ {
Name: httpPortName, Name: httpPortName,
@ -264,7 +261,6 @@ func GetJenkinsMasterPodName(jenkins v1alpha2.Jenkins) string {
// NewJenkinsMasterPod builds Jenkins Master Kubernetes Pod resource // NewJenkinsMasterPod builds Jenkins Master Kubernetes Pod resource
func NewJenkinsMasterPod(objectMeta metav1.ObjectMeta, jenkins *v1alpha2.Jenkins) *corev1.Pod { func NewJenkinsMasterPod(objectMeta metav1.ObjectMeta, jenkins *v1alpha2.Jenkins) *corev1.Pod {
runAsUser := jenkinsUserUID
serviceAccountName := objectMeta.Name serviceAccountName := objectMeta.Name
objectMeta.Annotations = jenkins.Spec.Master.Annotations objectMeta.Annotations = jenkins.Spec.Master.Annotations
@ -276,10 +272,7 @@ func NewJenkinsMasterPod(objectMeta metav1.ObjectMeta, jenkins *v1alpha2.Jenkins
Spec: corev1.PodSpec{ Spec: corev1.PodSpec{
ServiceAccountName: serviceAccountName, ServiceAccountName: serviceAccountName,
RestartPolicy: corev1.RestartPolicyNever, RestartPolicy: corev1.RestartPolicyNever,
SecurityContext: &corev1.PodSecurityContext{ SecurityContext: jenkins.Spec.Master.SecurityContext,
RunAsUser: &runAsUser,
RunAsGroup: &runAsUser,
},
NodeSelector: jenkins.Spec.Master.NodeSelector, NodeSelector: jenkins.Spec.Master.NodeSelector,
Containers: newContainers(jenkins), Containers: newContainers(jenkins),
Volumes: append(GetJenkinsMasterPodBaseVolumes(jenkins), jenkins.Spec.Master.Volumes...), Volumes: append(GetJenkinsMasterPodBaseVolumes(jenkins), jenkins.Spec.Master.Volumes...),
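Review bot: In `NewJenkinsMasterPod` the pod's `SecurityContext` is now taken directly from `jenkins.Spec.Master.SecurityContext`, which the API type documents as defaulting to nil, so a Jenkins resource that omits the field loses the `RunAsUser`/`RunAsGroup` pinning the operator applied before this commit. Unless defaulting happens elsewhere in the operator (not visible here), existing resources would silently start running as the image's default user after an upgrade. I would keep the previous values as a fallback when the field is nil, as sketched below, assuming `jenkinsUserUID` is still defined. The function body continues past the end of the last hunk.

```go
func NewJenkinsMasterPod(objectMeta metav1.ObjectMeta, jenkins *v1alpha2.Jenkins) *corev1.Pod {
	// Fall back to the previously hard-coded UID/GID when the CR sets no pod security context.
	securityContext := jenkins.Spec.Master.SecurityContext
	if securityContext == nil {
		runAsUser := jenkinsUserUID
		securityContext = &corev1.PodSecurityContext{
			RunAsUser:  &runAsUser,
			RunAsGroup: &runAsUser,
		}
	}
	// … unchanged: service account name, annotations, pod metadata …
			SecurityContext: securityContext,
```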