kubernetes.v0: gopkg.in/kubernetes/kubernetes.v0/pkg/securitycontext Index | Files

package securitycontext

import "gopkg.in/kubernetes/kubernetes.v0/pkg/securitycontext"

Package securitycontext contains security context api implementations

Index

Package Files

doc.go fake.go provider.go types.go util.go

func HasCapabilitiesRequest Uses

func HasCapabilitiesRequest(container *api.Container) bool

HasCapabilitiesRequest returns true if Adds or Drops are defined in the security context capabilities, taking into account nils

func HasPrivilegedRequest Uses

func HasPrivilegedRequest(container *api.Container) bool

HasPrivilegedRequest returns the value of SecurityContext.Privileged, taking into account the possibility of nils

func ValidSecurityContextWithContainerDefaults Uses

func ValidSecurityContextWithContainerDefaults() *api.SecurityContext

ValidSecurityContextWithContainerDefaults creates a valid security context provider based on empty container defaults. Used for testing.

type FakeSecurityContextProvider Uses

type FakeSecurityContextProvider struct{}

func (FakeSecurityContextProvider) ModifyContainerConfig Uses

func (p FakeSecurityContextProvider) ModifyContainerConfig(pod *api.Pod, container *api.Container, config *docker.Config)

func (FakeSecurityContextProvider) ModifyHostConfig Uses

func (p FakeSecurityContextProvider) ModifyHostConfig(pod *api.Pod, container *api.Container, hostConfig *docker.HostConfig)

type SecurityContextProvider Uses

type SecurityContextProvider interface {
    // ModifyContainerConfig is called before the Docker createContainer call.
    // The security context provider can make changes to the Config with which
    // the container is created.
    ModifyContainerConfig(pod *api.Pod, container *api.Container, config *docker.Config)

    // ModifyHostConfig is called before the Docker runContainer call.
    // The security context provider can make changes to the HostConfig, affecting
    // security options, whether the container is privileged, volume binds, etc.
    // An error is returned if it's not possible to secure the container as requested
    // with a security context.
    ModifyHostConfig(pod *api.Pod, container *api.Container, hostConfig *docker.HostConfig)
}

func NewFakeSecurityContextProvider Uses

func NewFakeSecurityContextProvider() SecurityContextProvider

NewFakeSecurityContextProvider creates a new, no-op security context provider.

func NewSimpleSecurityContextProvider Uses

func NewSimpleSecurityContextProvider() SecurityContextProvider

NewSimpleSecurityContextProvider creates a new SimpleSecurityContextProvider.

type SimpleSecurityContextProvider Uses

type SimpleSecurityContextProvider struct{}

SimpleSecurityContextProvider is the default implementation of a SecurityContextProvider.

func (SimpleSecurityContextProvider) ModifyContainerConfig Uses

func (p SimpleSecurityContextProvider) ModifyContainerConfig(pod *api.Pod, container *api.Container, config *docker.Config)

ModifyContainerConfig is called before the Docker createContainer call. The security context provider can make changes to the Config with which the container is created.

func (SimpleSecurityContextProvider) ModifyHostConfig Uses

func (p SimpleSecurityContextProvider) ModifyHostConfig(pod *api.Pod, container *api.Container, hostConfig *docker.HostConfig)

ModifyHostConfig is called before the Docker runContainer call. The security context provider can make changes to the HostConfig, affecting security options, whether the container is privileged, volume binds, etc. An error is returned if it's not possible to secure the container as requested with a security context.

Package securitycontext imports 4 packages (graph). Updated 2019-04-05. Refresh now. Tools for package owners.