author | Suren A. Chilingaryan <csa@suren.me> | 2018-02-20 15:10:45 +0100 |
---|---|---|
committer | Suren A. Chilingaryan <csa@suren.me> | 2018-02-20 15:10:45 +0100 |
commit | e4751f88e52aa8e89e4c94bc6fe4c3346eccf6fe (patch) | |
tree | 3a8a420d8d26e616491f31b322a006dd2b3e0e1c /roles/ands_kaas/templates/6-kaas-pods.yml.j2 | |
parent | 96ced00e05b50f276841a9212ae89e018de4d92d (diff) | |
Handling GlusterFS storage security in OpenShift containers
Diffstat (limited to 'roles/ands_kaas/templates/6-kaas-pods.yml.j2')
-rw-r--r-- | roles/ands_kaas/templates/6-kaas-pods.yml.j2 | 35 |
1 files changed, 29 insertions, 6 deletions
diff --git a/roles/ands_kaas/templates/6-kaas-pods.yml.j2 b/roles/ands_kaas/templates/6-kaas-pods.yml.j2
index 479b343..d5418d3 100644
--- a/roles/ands_kaas/templates/6-kaas-pods.yml.j2
+++ b/roles/ands_kaas/templates/6-kaas-pods.yml.j2
@@ -36,7 +36,7 @@ objects:
 - apiVersion: v1
 kind: Route
 metadata:
- name: kaas
+ name: {{ pod.name | default(name) }}
 spec:
 host: {{ pod.service.host }}
 to:
@@ -66,7 +66,7 @@ objects:
 - apiVersion: v1
 kind: DeploymentConfig
 metadata:
- name: kaas
+ name: {{ pod.name | default(name) }}
 spec:
 replicas: {{ pod.sched.replicas | default(1) }}
 selector:
@@ -93,12 +93,33 @@ objects:
 {% for img in pod.images %}
 {% set imgidx = loop.index %}
 {% for vol in img.mappings %}
+ {% set oc_name = vol.name | default(name) | regex_replace('_','-') %}
 - name: vol-{{imgidx}}-{{loop.index}}
 persistentVolumeClaim:
- claimName: {{ vol.name }}
+ claimName: {{ oc_name }}
 {% endfor %}
 {% endfor %}
 {% endif %}
+ {% if (pod.groups is defined) or (pod.run_as is defined) %}
+ securityContext:
+ {% if (pod.run_as is defined) %}
+ {% if (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as] is defined %}
+ - {{ (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as].id }}
+ {% else %}
+ - pod.run_as
+ {% endif %}
+ {% endif %}
+ {% if (pod.groups is defined) %}
+ supplementalGroups:
+ {% for group in pod.groups %}
+ {% if (kaas_project_config.gids | default(kaas_openshift_gids))[group] is defined %}
+ - {{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }}
+ {% else %}
+ - group
+ {% endif %}
+ {% endfor %}
+ {% endif %}
+ {% endif %}
 containers:
 {% for img in pod.images %}
 {% set imgidx = loop.index %}
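Review bot: In the new `securityContext:` block of the third hunk, the `pod.run_as` branch emits a bare list item with no key in front of it, and both `{% else %}` fallbacks print the literal text `pod.run_as` and `group` because they are not wrapped in `{{ }}`. As written, the UID is never attached to `runAsUser` (a scalar field, not a list), and a name missing from the uid/gid map renders as a string where a numeric ID is expected. The pod therefore either gets rejected or does not run with the identity intended for the GlusterFS volumes. I would write the mapped case as `runAsUser: {{ (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as].id }}` and the fallbacks as `runAsUser: {{ pod.run_as }}` and `- {{ group }}`; failing the render on an unmapped name would be stricter still. Indentation is lost on this page, so where the key sits under `securityContext:` needs checking against the file.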
@@ -118,10 +139,12 @@ objects:
 {% endif %}
 {% if img.env is defined %}
 env:
- {% for env_name, env_val in img.env.iteritems() %}
+ {% for env_item in img.env %}
+ {% set env_name = env_item.name %}
+ {% set env_val = env_item.value %}
 {% set env_parts = (env_val | string).split('@') %}
+ - name: "{{ env_name }}"
 {% if env_parts[0] == "secret" %}
- - name: {{ env_name }}
 {% set env_sec = (env_parts[1] | string).split('/') %}
 valueFrom:
 secretKeyRef:
@@ -134,7 +157,7 @@ objects:
 name: {{ env_cm[0] }}
 key: {{ env_cm[1] }}
 {% else %}
- value: {{ env_val }}
+ value: "{{ env_val }}"
 {% endif %}
 {% endfor %}
 {% endif %} |
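Review bot: The hand-written double quotes at `value: "{{ env_val }}"` and `- name: "{{ env_name }}"` stop YAML from retyping plain scalars, but a value that itself contains `"` or a backslash still ends or alters the quoted scalar and can change the structure of the rendered object. Letting a filter do the escaping is safer: `value: {{ env_val | string | to_json }}` and `- name: {{ env_name | to_json }}`. The configmap reference shown as context (`name: {{ env_cm[0] }}`, `key: {{ env_cm[1] }}`) is interpolated unquoted and would benefit from the same treatment. The env loop starts and ends outside these two hunks, so the secret and configmap branches are only partly visible here.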