io.fabric8.kubernetes.api.model.SecurityContext Java Examples

The following examples show how to use io.fabric8.kubernetes.api.model.SecurityContext.
Example #1
Source File: EntityOperatorTest.java    From strimzi-kafka-operator with Apache License 2.0
/**
 * Checks that a {@link SecurityContext} configured on the User Operator container template
 * is carried over unchanged into the Deployment generated by {@link EntityOperator}.
 *
 * <p>The comparison is by equality of the whole object, so the test proves propagation of the
 * template value; it does not assert on the individual hardening fields.
 */
@Test
public void testUserOperatorContainerSecurityContext() {
    // Expected context: not privileged, no privilege escalation, must run as non-root and
    // every capability dropped. readOnlyRootFilesystem is explicitly false, i.e. this fixture
    // leaves the container's root filesystem writable.
    final SecurityContext expected = new SecurityContextBuilder()
            .withPrivileged(false)
            .withNewReadOnlyRootFilesystem(false)
            .withAllowPrivilegeEscalation(false)
            .withRunAsNonRoot(true)
            .withNewCapabilities().addNewDrop("ALL").endCapabilities()
            .build();

    // Kafka resource whose Entity Operator template sets the context on the User Operator container only.
    final Kafka kafkaWithTemplate = new KafkaBuilder(
            ResourceUtils.createKafkaCluster(namespace, cluster, replicas, image, healthDelay, healthTimeout))
            .editSpec()
                .editOrNewEntityOperator()
                    .withTopicOperator(entityTopicOperatorSpec)
                    .withUserOperator(entityUserOperatorSpec)
                    .editOrNewTemplate()
                        .editOrNewUserOperatorContainer()
                            .withSecurityContext(expected)
                        .endUserOperatorContainer()
                    .endTemplate()
                .endEntityOperator()
            .endSpec()
            .build();

    final Deployment generated = EntityOperator.fromCrd(kafkaWithTemplate, VERSIONS)
            .generateDeployment(false, null, null, null);

    // The container is located by name so that other containers in the pod do not satisfy the matcher.
    assertThat(generated.getSpec().getTemplate().getSpec().getContainers(),
            hasItem(allOf(
                    hasProperty("name", equalTo(EntityUserOperator.USER_OPERATOR_CONTAINER_NAME)),
                    hasProperty("securityContext", equalTo(expected)))));
}
 
Example #2
Source File: EntityOperatorTest.java    From strimzi-kafka-operator with Apache License 2.0
/**
 * Checks that a {@link SecurityContext} configured on the Topic Operator container template
 * is carried over unchanged into the Deployment generated by {@link EntityOperator}.
 *
 * <p>Only whole-object equality is asserted; the individual hardening fields are not checked
 * one by one.
 */
@Test
public void testTopicOperatorContainerSecurityContext() {
    // Expected context: not privileged, no privilege escalation, must run as non-root and
    // every capability dropped. readOnlyRootFilesystem is explicitly false, so the root
    // filesystem stays writable in this fixture.
    final SecurityContext expected = new SecurityContextBuilder()
            .withPrivileged(false)
            .withNewReadOnlyRootFilesystem(false)
            .withAllowPrivilegeEscalation(false)
            .withRunAsNonRoot(true)
            .withNewCapabilities().addNewDrop("ALL").endCapabilities()
            .build();

    // Kafka resource whose Entity Operator template sets the context on the Topic Operator container only.
    final Kafka kafkaWithTemplate = new KafkaBuilder(
            ResourceUtils.createKafkaCluster(namespace, cluster, replicas, image, healthDelay, healthTimeout))
            .editSpec()
                .editOrNewEntityOperator()
                    .withTopicOperator(entityTopicOperatorSpec)
                    .withUserOperator(entityUserOperatorSpec)
                    .editOrNewTemplate()
                        .editOrNewTopicOperatorContainer()
                            .withSecurityContext(expected)
                        .endTopicOperatorContainer()
                    .endTemplate()
                .endEntityOperator()
            .endSpec()
            .build();

    final Deployment generated = EntityOperator.fromCrd(kafkaWithTemplate, VERSIONS)
            .generateDeployment(false, null, null, null);

    // Match on the container name so the assertion targets the Topic Operator container specifically.
    assertThat(generated.getSpec().getTemplate().getSpec().getContainers(),
            hasItem(allOf(
                    hasProperty("name", equalTo(EntityTopicOperator.TOPIC_OPERATOR_CONTAINER_NAME)),
                    hasProperty("securityContext", equalTo(expected)))));
}
 
Example #3
Source File: EntityOperatorTest.java    From strimzi-kafka-operator with Apache License 2.0
/**
 * Checks that a {@link SecurityContext} configured on the Entity Operator's TLS sidecar
 * container template is carried over unchanged into the generated Deployment.
 *
 * <p>Only whole-object equality is asserted; the individual hardening fields are not checked
 * one by one.
 */
@Test
public void testTlsSidecarContainerSecurityContext() {
    // Expected context: not privileged, no privilege escalation, must run as non-root and
    // every capability dropped. readOnlyRootFilesystem is explicitly false, so the root
    // filesystem stays writable in this fixture.
    final SecurityContext expected = new SecurityContextBuilder()
            .withPrivileged(false)
            .withNewReadOnlyRootFilesystem(false)
            .withAllowPrivilegeEscalation(false)
            .withRunAsNonRoot(true)
            .withNewCapabilities().addNewDrop("ALL").endCapabilities()
            .build();

    // Kafka resource whose Entity Operator template sets the context on the TLS sidecar container only.
    final Kafka kafkaWithTemplate = new KafkaBuilder(
            ResourceUtils.createKafkaCluster(namespace, cluster, replicas, image, healthDelay, healthTimeout))
            .editSpec()
                .editOrNewEntityOperator()
                    .withTopicOperator(entityTopicOperatorSpec)
                    .withUserOperator(entityUserOperatorSpec)
                    .editOrNewTemplate()
                        .editOrNewTlsSidecarContainer()
                            .withSecurityContext(expected)
                        .endTlsSidecarContainer()
                    .endTemplate()
                .endEntityOperator()
            .endSpec()
            .build();

    final Deployment generated = EntityOperator.fromCrd(kafkaWithTemplate, VERSIONS)
            .generateDeployment(false, null, null, null);

    // Match on the container name so the assertion targets the TLS sidecar specifically.
    assertThat(generated.getSpec().getTemplate().getSpec().getContainers(),
            hasItem(allOf(
                    hasProperty("name", equalTo(EntityOperator.TLS_SIDECAR_NAME)),
                    hasProperty("securityContext", equalTo(expected)))));
}
 
Example #4
Source File: KafkaConnectClusterTest.java    From strimzi-kafka-operator with Apache License 2.0
/**
 * Checks that a {@link SecurityContext} configured on the Connect container template is
 * carried over unchanged into the Deployment generated by {@link KafkaConnectCluster}.
 *
 * <p>Only whole-object equality is asserted; the individual hardening fields are not checked
 * one by one.
 */
@Test
public void testKafkaConnectContainerSecurityContext() {
    // Expected context: not privileged, no privilege escalation, must run as non-root and
    // every capability dropped. readOnlyRootFilesystem is explicitly false, so the root
    // filesystem stays writable in this fixture.
    final SecurityContext expected = new SecurityContextBuilder()
            .withPrivileged(false)
            .withNewReadOnlyRootFilesystem(false)
            .withAllowPrivilegeEscalation(false)
            .withRunAsNonRoot(true)
            .withNewCapabilities().addNewDrop("ALL").endCapabilities()
            .build();

    // Start from the test class's shared resource field and add the container template to it.
    final KafkaConnect connectWithTemplate = new KafkaConnectBuilder(this.resource)
            .editSpec()
                .editOrNewTemplate()
                    .withNewConnectContainer()
                        .withSecurityContext(expected)
                    .endConnectContainer()
                .endTemplate()
            .endSpec()
            .build();

    final Deployment generated = KafkaConnectCluster.fromCrd(connectWithTemplate, VERSIONS)
            .generateDeployment(null, false, null, null);

    // Match on the container name so the assertion targets the Connect container specifically.
    assertThat(generated.getSpec().getTemplate().getSpec().getContainers(),
            hasItem(allOf(
                    hasProperty("name", equalTo(cluster + "-connect")),
                    hasProperty("securityContext", equalTo(expected)))));
}
 
Example #5
Source File: ZookeeperClusterTest.java    From strimzi-kafka-operator with Apache License 2.0
/**
 * Checks that a {@link SecurityContext} configured on the ZooKeeper container template is
 * carried over unchanged into the StatefulSet generated by {@link ZookeeperCluster}.
 *
 * <p>Only whole-object equality is asserted; the individual hardening fields are not checked
 * one by one.
 */
@Test
public void testZookeeperContainerSecurityContext() {
    // Expected context: not privileged, no privilege escalation, must run as non-root and
    // every capability dropped. readOnlyRootFilesystem is explicitly false, so the root
    // filesystem stays writable in this fixture.
    final SecurityContext expected = new SecurityContextBuilder()
            .withPrivileged(false)
            .withNewReadOnlyRootFilesystem(false)
            .withAllowPrivilegeEscalation(false)
            .withRunAsNonRoot(true)
            .withNewCapabilities().addNewDrop("ALL").endCapabilities()
            .build();

    // Kafka resource whose ZooKeeper template sets the context on the ZooKeeper container.
    final Kafka kafkaWithTemplate = new KafkaBuilder(
            ResourceUtils.createKafkaCluster(namespace, cluster, replicas,
                    image, healthDelay, healthTimeout, metricsCmJson, configurationJson, emptyMap()))
            .editSpec()
                .editZookeeper()
                    .withNewTemplate()
                        .withNewZookeeperContainer()
                            .withSecurityContext(expected)
                        .endZookeeperContainer()
                    .endTemplate()
                .endZookeeper()
            .endSpec()
            .build();

    final StatefulSet generated = ZookeeperCluster.fromCrd(kafkaWithTemplate, VERSIONS)
            .generateStatefulSet(false, null, null);

    // Match on the container name so the assertion targets the ZooKeeper container specifically.
    assertThat(generated.getSpec().getTemplate().getSpec().getContainers(),
            hasItem(allOf(
                    hasProperty("name", equalTo(ZookeeperCluster.ZOOKEEPER_NAME)),
                    hasProperty("securityContext", equalTo(expected)))));
}
 
Example #6
Source File: KafkaClusterTest.java    From strimzi-kafka-operator with Apache License 2.0
/**
 * Checks that a {@link SecurityContext} configured on the Kafka container template is first
 * stored on the {@link KafkaCluster} model and then carried over unchanged into the
 * generated StatefulSet.
 *
 * <p>Only whole-object equality is asserted; the individual hardening fields are not checked
 * one by one.
 */
@Test
public void testKafkaContainerSecurityContext() {
    // Expected context: not privileged, no privilege escalation, must run as non-root and
    // every capability dropped. readOnlyRootFilesystem is explicitly false, so the root
    // filesystem stays writable in this fixture.
    final SecurityContext expected = new SecurityContextBuilder()
            .withPrivileged(false)
            .withNewReadOnlyRootFilesystem(false)
            .withAllowPrivilegeEscalation(false)
            .withRunAsNonRoot(true)
            .withNewCapabilities().addNewDrop("ALL").endCapabilities()
            .build();

    // Kafka resource whose broker template sets the context on the Kafka container.
    final Kafka kafkaWithTemplate = new KafkaBuilder(
            ResourceUtils.createKafkaCluster(namespace, cluster, replicas,
                    image, healthDelay, healthTimeout, metricsCm, configuration, emptyMap()))
            .editSpec()
                .editKafka()
                    .withNewTemplate()
                        .withNewKafkaContainer()
                            .withSecurityContext(expected)
                        .endKafkaContainer()
                    .endTemplate()
                .endKafka()
            .endSpec()
            .build();

    final KafkaCluster kc = KafkaCluster.fromCrd(kafkaWithTemplate, VERSIONS);
    // First checkpoint: the model field populated while parsing the custom resource.
    assertThat(kc.templateKafkaContainerSecurityContext, is(expected));

    final StatefulSet generated = kc.generateStatefulSet(false, null, null);

    // Second checkpoint: the named container in the generated pod template.
    assertThat(generated.getSpec().getTemplate().getSpec().getContainers(),
            hasItem(allOf(
                    hasProperty("name", equalTo(KafkaCluster.KAFKA_NAME)),
                    hasProperty("securityContext", equalTo(expected)))));
}
 
Example #7
Source File: KafkaClusterTest.java    From strimzi-kafka-operator with Apache License 2.0
/**
 * Checks that a {@link SecurityContext} configured on the Kafka TLS sidecar container
 * template is carried over unchanged into the StatefulSet generated by {@link KafkaCluster}.
 *
 * <p>Only whole-object equality is asserted; the individual hardening fields are not checked
 * one by one.
 */
@Test
public void testTlsSidecarContainerSecurityContext() {
    // Expected context: not privileged, no privilege escalation, must run as non-root and
    // every capability dropped. readOnlyRootFilesystem is explicitly false, so the root
    // filesystem stays writable in this fixture.
    final SecurityContext expected = new SecurityContextBuilder()
            .withPrivileged(false)
            .withNewReadOnlyRootFilesystem(false)
            .withAllowPrivilegeEscalation(false)
            .withRunAsNonRoot(true)
            .withNewCapabilities().addNewDrop("ALL").endCapabilities()
            .build();

    // Kafka resource whose broker template sets the context on the TLS sidecar container.
    final Kafka kafkaWithTemplate = new KafkaBuilder(
            ResourceUtils.createKafkaCluster(namespace, cluster, replicas,
                    image, healthDelay, healthTimeout, metricsCm, configuration, emptyMap()))
            .editSpec()
                .editKafka()
                    .withNewTemplate()
                        .withNewTlsSidecarContainer()
                            .withSecurityContext(expected)
                        .endTlsSidecarContainer()
                    .endTemplate()
                .endKafka()
            .endSpec()
            .build();

    final StatefulSet generated = KafkaCluster.fromCrd(kafkaWithTemplate, VERSIONS)
            .generateStatefulSet(false, null, null);

    // Match on the container name so the assertion targets the TLS sidecar specifically.
    assertThat(generated.getSpec().getTemplate().getSpec().getContainers(),
            hasItem(allOf(
                    hasProperty("name", equalTo(KafkaCluster.TLS_SIDECAR_NAME)),
                    hasProperty("securityContext", equalTo(expected)))));
}
 
Example #8
Source File: KafkaClusterTest.java    From strimzi-kafka-operator with Apache License 2.0
/**
 * Checks that a {@link SecurityContext} configured on the Kafka init-container template is
 * carried over unchanged into the init containers of the generated StatefulSet.
 *
 * <p>Only whole-object equality is asserted; the individual hardening fields are not checked
 * one by one.
 */
@Test
public void testInitContainerSecurityContext() {
    // Expected context: not privileged, no privilege escalation, must run as non-root and
    // every capability dropped. readOnlyRootFilesystem is explicitly false, so the root
    // filesystem stays writable in this fixture.
    final SecurityContext expected = new SecurityContextBuilder()
            .withPrivileged(false)
            .withNewReadOnlyRootFilesystem(false)
            .withAllowPrivilegeEscalation(false)
            .withRunAsNonRoot(true)
            .withNewCapabilities().addNewDrop("ALL").endCapabilities()
            .build();

    final Kafka kafkaWithTemplate = new KafkaBuilder(
            ResourceUtils.createKafkaCluster(namespace, cluster, replicas,
                    image, healthDelay, healthTimeout, metricsCm, configuration, emptyMap()))
            .editSpec()
                .editKafka()
                    // Set a rack to force init-container to be templated
                    .withNewRack()
                        .withNewTopologyKey("a-topology")
                    .endRack()
                    .withNewTemplate()
                        .withNewInitContainer()
                            .withSecurityContext(expected)
                        .endInitContainer()
                    .endTemplate()
                .endKafka()
            .endSpec()
            .build();

    final StatefulSet generated = KafkaCluster.fromCrd(kafkaWithTemplate, VERSIONS)
            .generateStatefulSet(false, null, null);

    // Init containers live in their own list on the pod spec, so that list is inspected here.
    assertThat(generated.getSpec().getTemplate().getSpec().getInitContainers(),
            hasItem(allOf(
                    hasProperty("name", equalTo(KafkaCluster.INIT_NAME)),
                    hasProperty("securityContext", equalTo(expected)))));
}
 
Example #9
Source File: JmxTransTest.java    From strimzi-kafka-operator with Apache License 2.0
/**
 * Checks that a {@link SecurityContext} configured on the JmxTrans container template is
 * first stored on the {@link JmxTrans} model and then carried over unchanged into the
 * generated Deployment.
 *
 * <p>Only whole-object equality is asserted; the individual hardening fields are not checked
 * one by one.
 */
@Test
public void testContainerSecurityContext() {
    // Expected context: not privileged, no privilege escalation, must run as non-root and
    // every capability dropped. readOnlyRootFilesystem is explicitly false, so the root
    // filesystem stays writable in this fixture.
    final SecurityContext expected = new SecurityContextBuilder()
            .withPrivileged(false)
            .withNewReadOnlyRootFilesystem(false)
            .withAllowPrivilegeEscalation(false)
            .withRunAsNonRoot(true)
            .withNewCapabilities().addNewDrop("ALL").endCapabilities()
            .build();

    // Start from the test class's kafkaAssembly field and add the JmxTrans container template.
    final Kafka kafkaWithTemplate = new KafkaBuilder(kafkaAssembly)
            .editSpec()
                .editJmxTrans()
                    .withNewTemplate()
                        .withNewContainer()
                            .withSecurityContext(expected)
                        .endContainer()
                    .endTemplate()
                .endJmxTrans()
            .endSpec()
            .build();

    final JmxTrans jmxTrans = JmxTrans.fromCrd(kafkaWithTemplate, VERSIONS);
    // First checkpoint: the model field populated while parsing the custom resource.
    assertThat(jmxTrans.templateContainerSecurityContext, is(expected));

    final Deployment generated = jmxTrans.generateDeployment(null, null);

    // Second checkpoint: the named container in the generated pod template.
    assertThat(generated.getSpec().getTemplate().getSpec().getContainers(),
            hasItem(allOf(
                    hasProperty("name", equalTo(cluster + "-kafka-jmx-trans")),
                    hasProperty("securityContext", equalTo(expected)))));
}
 
Example #10
Source File: ContainerHandler.java    From jkube with Eclipse Public License 2.0
/**
 * Builds the container {@link SecurityContext} from the resource configuration.
 *
 * <p>Only {@code privileged} is set, taken directly from
 * {@code config.isContainerPrivileged()}; no other field is set on the builder here, so this
 * method adds no hardening of its own (no capability drop, no {@code runAsNonRoot}, no
 * {@code allowPrivilegeEscalation} setting).
 *
 * <p>NOTE(review): a privileged container runs with close to host-level access, so the place
 * where {@code ResourceConfig} gets this flag is the one to audit; that code is not shown here.
 *
 * @param config resource configuration supplying the privileged flag
 * @return a security context carrying only the privileged setting
 */
private SecurityContext createSecurityContext(ResourceConfig config) {
    final SecurityContextBuilder contextBuilder = new SecurityContextBuilder();
    contextBuilder.withPrivileged(config.isContainerPrivileged());
    return contextBuilder.build();
}
 
Example #11
Source File: EntityUserOperator.java    From strimzi-kafka-operator with Apache License 2.0
/**
 * Records the security context to apply to this operator's container.
 *
 * <p>The reference is stored as given: there is no null check and no defensive copy, so a
 * {@code null} argument clears the value and later changes to the passed object are visible
 * through the stored field.
 *
 * @param securityContext security context taken from the container template; may be null
 */
public void setContainerSecurityContext(SecurityContext securityContext) {
    this.templateContainerSecurityContext = securityContext;
}
 
Example #12
Source File: EntityTopicOperator.java    From strimzi-kafka-operator with Apache License 2.0
/**
 * Records the security context to apply to this operator's container.
 *
 * <p>The reference is stored as given: there is no null check and no defensive copy, so a
 * {@code null} argument clears the value and later changes to the passed object are visible
 * through the stored field.
 *
 * @param securityContext security context taken from the container template; may be null
 */
public void setContainerSecurityContext(SecurityContext securityContext) {
    this.templateContainerSecurityContext = securityContext;
}
 
Example #13
Source File: CruiseControlTest.java    From strimzi-kafka-operator with Apache License 2.0
/**
 * Checks that a {@link SecurityContext} configured on the Cruise Control container template
 * is carried over unchanged into the Deployment generated by {@link CruiseControl}.
 *
 * <p>Only whole-object equality is asserted; the individual hardening fields are not checked
 * one by one.
 */
@Test
public void testCruiseControlContainerSecurityContext() {
    // Expected context: not privileged, no privilege escalation, must run as non-root and
    // every capability dropped. readOnlyRootFilesystem is explicitly false, so the root
    // filesystem stays writable in this fixture.
    final SecurityContext expected = new SecurityContextBuilder()
            .withPrivileged(false)
            .withNewReadOnlyRootFilesystem(false)
            .withAllowPrivilegeEscalation(false)
            .withRunAsNonRoot(true)
            .withNewCapabilities().addNewDrop("ALL").endCapabilities()
            .build();

    // Cruise Control spec whose template sets the context on the Cruise Control container.
    final CruiseControlSpec specWithTemplate = new CruiseControlSpecBuilder()
            .withImage(ccImage)
            .withConfig((Map) configuration.asOrderedProperties().asMap())
            .withNewTemplate()
                .withNewCruiseControlContainer()
                    .withSecurityContext(expected)
                .endCruiseControlContainer()
            .endTemplate()
            .build();

    final Kafka kafkaWithCruiseControl = new KafkaBuilder(
            ResourceUtils.createKafkaCluster(namespace, cluster, replicas, image, healthDelay, healthTimeout))
            .editSpec()
                .editKafka()
                    .withVersion(version)
                .endKafka()
                .withCruiseControl(specWithTemplate)
            .endSpec()
            .build();

    final Deployment generated = CruiseControl.fromCrd(kafkaWithCruiseControl, VERSIONS)
            .generateDeployment(true, null, null, null);

    // Match on the container name so the assertion targets the Cruise Control container specifically.
    assertThat(generated.getSpec().getTemplate().getSpec().getContainers(),
            hasItem(allOf(
                    hasProperty("name", equalTo(CruiseControl.CRUISE_CONTROL_CONTAINER_NAME)),
                    hasProperty("securityContext", equalTo(expected)))));
}
 
Example #14
Source File: CruiseControlTest.java    From strimzi-kafka-operator with Apache License 2.0
/**
 * Checks that a {@link SecurityContext} configured on the Cruise Control TLS sidecar
 * container template is carried over unchanged into the generated Deployment.
 *
 * <p>Only whole-object equality is asserted; the individual hardening fields are not checked
 * one by one.
 */
@Test
public void testTlsSidecarContainerSecurityContext() {
    // Expected context: not privileged, no privilege escalation, must run as non-root and
    // every capability dropped. readOnlyRootFilesystem is explicitly false, so the root
    // filesystem stays writable in this fixture.
    final SecurityContext expected = new SecurityContextBuilder()
            .withPrivileged(false)
            .withNewReadOnlyRootFilesystem(false)
            .withAllowPrivilegeEscalation(false)
            .withRunAsNonRoot(true)
            .withNewCapabilities().addNewDrop("ALL").endCapabilities()
            .build();

    // Cruise Control spec whose template sets the context on the TLS sidecar container.
    final CruiseControlSpec specWithTemplate = new CruiseControlSpecBuilder()
            .withImage(ccImage)
            .withConfig((Map) configuration.asOrderedProperties().asMap())
            .withNewTemplate()
                .withNewTlsSidecarContainer()
                    .withSecurityContext(expected)
                .endTlsSidecarContainer()
            .endTemplate()
            .build();

    final Kafka kafkaWithCruiseControl = new KafkaBuilder(
            ResourceUtils.createKafkaCluster(namespace, cluster, replicas, image, healthDelay, healthTimeout))
            .editSpec()
                .editKafka()
                    .withVersion(version)
                .endKafka()
                .withCruiseControl(specWithTemplate)
            .endSpec()
            .build();

    final Deployment generated = CruiseControl.fromCrd(kafkaWithCruiseControl, VERSIONS)
            .generateDeployment(true, null, null, null);

    // Match on the container name so the assertion targets the TLS sidecar specifically.
    assertThat(generated.getSpec().getTemplate().getSpec().getContainers(),
            hasItem(allOf(
                    hasProperty("name", equalTo(CruiseControl.TLS_SIDECAR_NAME)),
                    hasProperty("securityContext", equalTo(expected)))));
}
 
Example #15
Source File: ContainerTemplate.java    From strimzi-kafka-operator with Apache License 2.0
/**
 * Returns the security context configured for the container in this template.
 *
 * <p>The stored reference is returned directly, without a copy. Because of
 * {@code JsonInclude.Include.NON_NULL}, the property is left out of the serialized JSON when
 * no security context has been set.
 *
 * @return the configured security context, or null when none was set
 */
@Description("Security context for the container")
@KubeLink(group = "core", version = "v1", kind = "securitycontext")
@JsonInclude(JsonInclude.Include.NON_NULL)
public SecurityContext getSecurityContext() {
    return this.securityContext;
}
 
Example #16
Source File: ContainerTemplate.java    From strimzi-kafka-operator with Apache License 2.0
/**
 * Sets the security context for the container described by this template.
 *
 * <p>The value is stored as given: nothing is validated, defaulted or copied here, so a
 * {@code null} argument leaves the template without a security context.
 *
 * @param securityContext the security context to store; may be null
 */
public void setSecurityContext(SecurityContext securityContext) {
    this.securityContext = securityContext;
}