Add run as privileged option to the deploy form

cb0c0e7f · bryk · 98fb69a6 · cb0c0e7f · cb0c0e7f · cb0c0e7f
5 changed file
--- a/src/app/backend/deploy.go
+++ b/src/app/backend/deploy.go
@@ -57,6 +57,9 @@ type AppDeploymentSpec struct {

 	// Labels that will be defined on Pods/RCs/Services
 	Labels []Label `json:"labels"`
+
+	// Whether to run the container as privileged user (essentially equivalent to root on the host).
+	RunAsPrivileged bool `json:"runAsPrivileged"`
 }

 // Port mapping for an application deployment.
@@ -99,6 +102,9 @@ func DeployApp(spec *AppDeploymentSpec, client client.Interface) error {
 	containerSpec := api.Container{
 		Name:  spec.Name,
 		Image: spec.ContainerImage,
+		SecurityContext: &api.SecurityContext{
+			Privileged: &spec.RunAsPrivileged,
+		},
 	}

 	if spec.ContainerCommand != nil {

--- a/src/app/externs/backendapi.js
+++ b/src/app/externs/backendapi.js
@@ -52,7 +52,8 @@ backendApi.Label;
 *   portMappings: !Array<!backendApi.PortMapping>,
 *   labels: !Array<!backendApi.Label>,
 *   replicas: number,
- *   namespace: string
+ *   namespace: string,
+ *   runAsPrivileged: boolean,
 * }}
 */
 backendApi.AppDeploymentSpec;

--- a/src/app/frontend/deploy/deployfromsettings.html
+++ b/src/app/frontend/deploy/deployfromsettings.html
@@ -129,11 +129,20 @@ limitations under the License.
      </md-input-container>
    </div>
    <kd-user-help>
-      By default, your containers run the selected image's default entrypoint command. You can use the
-      command options to override the default.
+      By default, your containers run the selected image's default entrypoint command. You can
+      use the command options to override the default.
      <a href="">Learn more</a>
    </kd-user-help>
  </kd-help-section>
+  
+  <kd-help-section>
+    <md-switch ng-model="ctrl.runAsPrivileged" class="md-primary">
+      Run as privileged
+    </md-switch>
+    <kd-user-help>
+      Processes in privileged containers are equivalent to be running as root on the host.
+    </kd-user-help>
+  </kd-help-section>
 </div>

 <md-button class="md-primary kd-deploy-moreoptions-button" type="button"

--- a/src/app/frontend/deploy/deployfromsettings_controller.js
+++ b/src/app/frontend/deploy/deployfromsettings_controller.js
@@ -94,6 +94,12 @@ export default class DeployFromSettingsController {
     */
    this.name;

+    /**
+     * Whether to run the container as privileged user.
+     * @export {boolean}
+     */
+    this.runAsPrivileged = false;
+
    /**
     * Currently chosen namespace.
     * @export {string}
@@ -136,6 +142,7 @@ export default class DeployFromSettingsController {
      replicas: this.replicas,
      namespace: this.namespace,
      labels: this.toBackendApiLabels_(this.labels),
+      runAsPrivileged: this.runAsPrivileged,
    };

    let defer = this.q_.defer();

--- a/src/test/backend/deploy_test.go
+++ b/src/test/backend/deploy_test.go
@@ -24,8 +24,9 @@ import (
 func TestDeployApp(t *testing.T) {
 	namespace := "foo-namespace"
 	spec := &AppDeploymentSpec{
-		Namespace: namespace,
-		Name:      "foo-name",
+		Namespace:       namespace,
+		Name:            "foo-name",
+		RunAsPrivileged: true,
 	}
 	expectedRc := &api.ReplicationController{
 		ObjectMeta: api.ObjectMeta{
@@ -43,6 +44,9 @@ func TestDeployApp(t *testing.T) {
 				Spec: api.PodSpec{
 					Containers: []api.Container{{
 						Name: "foo-name",
+						SecurityContext: &api.SecurityContext{
+							Privileged: &spec.RunAsPrivileged,
+						},
 					}},
 				},
 			},