x/k8s-docker-suite-app-murano
Code Issues Proposed changes

privileged mode support for KubernetesPod and DockerStandaloneHost

Browse Source 
Change-Id: I2155b27af1e59bf907d7ad03dedada98ef8ebb76
This commit is contained in:
Vitaly Lopatkin 2016-07-22 16:52:44 +06:00
parent c746897a2a
commit ba744855df
8 changed files with 19 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
DockerInterfacesLibrary/README.rst
View File

@ -90,6 +90,7 @@ It has the following properties:
into Docker container. Keys are the paths within container and values are into Docker container. Keys are the paths within container and values are
instances of DockerVolume. instances of DockerVolume.
* `privileged`: a flag that forces running container in privileged mode.
ApplicationPort ApplicationPort
=============== ===============

5
DockerInterfacesLibrary/package/Classes/DockerContainer.yaml
View File

@ -42,6 +42,10 @@ Properties:
$.string().notNull(): $.class(DockerVolume).notNull() $.string().notNull(): $.class(DockerVolume).notNull()
Default: {} Default: {}
privileged:
Contract: $.bool().notNull()
Default: false
Methods: Methods:
getRepresentation: getRepresentation:
Body: Body:
@ -56,3 +60,4 @@ Methods:
env: env env: env
ports: $.ports.select($.getRepresentation()) ports: $.ports.select($.getRepresentation())
volumes: $volumeRepresentations volumes: $volumeRepresentations
privileged: $.privileged

3
DockerStandaloneHost/package/Classes/DockerStandaloneHost.yaml
View File

@ -150,7 +150,8 @@ Methods:
env => $container.env, env => $container.env,
portMap => $portBindings, portMap => $portBindings,
volumeMap => $volumeMap, volumeMap => $volumeMap,
commands => $container.commands commands => $container.commands,
privileged => $container.privileged
)) ))
- $._removeApplicationEndpoints($container.name) - $._removeApplicationEndpoints($container.name)
- $privateIp: $.instance.agent.call($template, $resources) - $privateIp: $.instance.agent.call($template, $resources)

3
DockerStandaloneHost/package/Resources/RunContainer.template
View File

@ -21,6 +21,7 @@ Parameters:
env: $env env: $env
image: $image image: $image
commands: $commands commands: $commands
privileged: $privileged
Body: | Body: |
options = ['-d', '--name ' + args.appName] options = ['-d', '--name ' + args.appName]
@ -30,6 +31,8 @@ Body: |
options.append("-v '{0}':'{1}'".format(host_dir, container_dir)) options.append("-v '{0}':'{1}'".format(host_dir, container_dir))
for key, value in args.env.iteritems(): for key, value in args.env.iteritems():
options.append("-e '{0}'='{1}'".format(key, value)) options.append("-e '{0}'='{1}'".format(key, value))
if args.privileged:
options.append("--privileged")
runDockerCommand('run {0} {1} {2}'.format(' '.join(options), args.image, ' '.join(args.commands)).rstrip()) runDockerCommand('run {0} {1} {2}'.format(' '.join(options), args.image, ' '.join(args.commands)).rstrip())
return runDockerCommand('inspect -f={{.NetworkSettings.IPAddress}} ' + args.appName).stdout return runDockerCommand('inspect -f={{.NetworkSettings.IPAddress}} ' + args.appName).stdout

3
Kubernetes/KubernetesCluster/package/Resources/scripts/default_scripts/kube-apiserver
View File

@ -8,6 +8,7 @@ KUBE_APISERVER_OPTS="--address=0.0.0.0 \
--port=8080 \ --port=8080 \
--etcd_servers=http://127.0.0.1:4001 \ --etcd_servers=http://127.0.0.1:4001 \
--logtostderr=false \ --logtostderr=false \
--portal_net=11.1.0.0/16 --log_dir=/var/log/kubernetes" --portal_net=11.1.0.0/16 --log_dir=/var/log/kubernetes \
--allow_privileged=true"
# Add more environment settings used by kube-apiserver here # Add more environment settings used by kube-apiserver here

3
Kubernetes/KubernetesCluster/package/Resources/scripts/default_scripts/kubelet
View File

@ -9,6 +9,7 @@ KUBELET_OPTS="--address=%%IP%% \
--hostname_override=%%IP%% \ --hostname_override=%%IP%% \
--api_servers=%%MASTER_IP%%:8080 \ --api_servers=%%MASTER_IP%%:8080 \
--logtostderr=false \ --logtostderr=false \
--log_dir=/var/log/kubernetes" --log_dir=/var/log/kubernetes \
--allow_privileged=true"
# Add more environment settings used by kube-scheduler here # Add more environment settings used by kube-scheduler here

2
Kubernetes/KubernetesCluster/package/Resources/scripts/environ/kube-config
View File

@ -16,7 +16,7 @@ KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0" KUBE_LOG_LEVEL="--v=0"
# Should this cluster be allowed to run privileged docker containers # Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=false" KUBE_ALLOW_PRIV="--allow-privileged"
# How the controller-manager, scheduler, and proxy find the apiserver # How the controller-manager, scheduler, and proxy find the apiserver
KUBE_MASTER="--master=http://%%MASTER_IP%%:8080" KUBE_MASTER="--master=http://%%MASTER_IP%%:8080"

2
Kubernetes/KubernetesPod/package/Classes/KubernetesPod.yaml
View File

@ -115,6 +115,8 @@ Methods:
mountPath => $ mountPath => $
)) ))
env: $container.env.keys().select(dict(name => $, value => $container.env.get($))) env: $container.env.keys().select(dict(name => $, value => $container.env.get($)))
securityContext:
privileged: $container.privileged
- $newVolumes: $container.volumes.values().select( - $newVolumes: $container.volumes.values().select(
$this._buildVolumeEntry($container.name, $)) $this._buildVolumeEntry($container.name, $))