refactor network name in kyaml container

Donny Xia
2020-08-24 11:40:57 -07:00
parent a2e080bf6c
commit fa15242719
5 changed files with 63 additions and 35 deletions


@@ -161,15 +161,10 @@ func (c *Filter) getCommand() (string, []string) {
// run the container using docker. this is simpler than using the docker // run the container using docker. this is simpler than using the docker
// libraries, and ensures things like auth work the same as if the container // libraries, and ensures things like auth work the same as if the container
// was run from the cli. // was run from the cli.
network := "none"
if c.Network.Name != "" {
network = c.Network.Name
}
args := []string{"run", args := []string{"run",
"--rm", // delete the container afterward "--rm", // delete the container afterward
"-i", "-a", "STDIN", "-a", "STDOUT", "-a", "STDERR", // attach stdin, stdout, stderr "-i", "-a", "STDIN", "-a", "STDOUT", "-a", "STDERR", // attach stdin, stdout, stderr
"--network", network, "--network", c.ContainerSpec.Network.Name.String(),
// added security options // added security options
"--user", c.User.String(), "--user", c.User.String(),
@@ -198,3 +193,19 @@ func (c *Filter) getCommand() (string, []string) {
a := append(args, c.Image) a := append(args, c.Image)
return "docker", a return "docker", a
} }
// NewContainer returns a new container instance
func NewContainer(spec runtimeutil.ContainerSpec) Filter {
f := Filter{ContainerSpec: spec}
// default user is nobody
if f.ContainerSpec.User.IsEmpty() {
f.ContainerSpec.User = runtimeutil.UserNobody
}
// default network name is none
if f.ContainerSpec.Network.Name.IsEmpty() {
f.ContainerSpec.Network.Name = runtimeutil.NetworkNameNone
}
return f
}
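Review bot: The `none` fallback for `--network` has been removed from getCommand, so network isolation now depends on every Filter being built through NewContainer. Filter is an exported struct with an exported ContainerSpec field (the tests on this page used to build it as a literal), and a Filter built that way, or decoded from config, now passes an empty name to `--network` and possibly an empty `--user`; what docker does with an empty value is not something this code controls. I would keep a fail-closed guard at the use site, e.g. `if c.ContainerSpec.Network.Name.IsEmpty() { c.ContainerSpec.Network.Name = runtimeutil.NetworkNameNone }` before `args` is built, or at least state on Filter's doc comment that NewContainer must be used. The default-user block removed from getFunctionFilters in the run-fns section has the same effect on any functionFilterProvider that does not go through NewContainer. getCommand's body starts and continues outside these hunks.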


@@ -38,12 +38,12 @@ metadata:
"--user", "nobody", "--user", "nobody",
"--security-opt=no-new-privileges", "--security-opt=no-new-privileges",
}, },
instance: Filter{ instance: NewContainer(
ContainerSpec: runtimeutil.ContainerSpec{ runtimeutil.ContainerSpec{
Image: "example.com:version", Image: "example.com:version",
User: "nobody", User: "nobody",
}, },
}, ),
}, },
{ {
@@ -61,15 +61,15 @@ metadata:
"--user", "nobody", "--user", "nobody",
"--security-opt=no-new-privileges", "--security-opt=no-new-privileges",
}, },
instance: Filter{ instance: NewContainer(
ContainerSpec: runtimeutil.ContainerSpec{ runtimeutil.ContainerSpec{
Image: "example.com:version", Image: "example.com:version",
Network: runtimeutil.ContainerNetwork{ Network: runtimeutil.ContainerNetwork{
Name: "test-1", Name: "test-1",
}, },
User: "nobody", User: "nobody",
}, },
}, ),
}, },
{ {
@@ -91,8 +91,8 @@ metadata:
"--mount", fmt.Sprintf("type=%s,source=%s,target=%s,readonly", "volume", "myvol", "/local/"), "--mount", fmt.Sprintf("type=%s,source=%s,target=%s,readonly", "volume", "myvol", "/local/"),
"--mount", fmt.Sprintf("type=%s,source=%s,target=%s,readonly", "tmpfs", "", "/local/"), "--mount", fmt.Sprintf("type=%s,source=%s,target=%s,readonly", "tmpfs", "", "/local/"),
}, },
instance: Filter{ instance: NewContainer(
ContainerSpec: runtimeutil.ContainerSpec{ runtimeutil.ContainerSpec{
Image: "example.com:version", Image: "example.com:version",
StorageMounts: []runtimeutil.StorageMount{ StorageMounts: []runtimeutil.StorageMount{
{MountType: "bind", Src: "/mount/path", DstPath: "/local/"}, {MountType: "bind", Src: "/mount/path", DstPath: "/local/"},
@@ -102,7 +102,7 @@ metadata:
}, },
User: "nobody", User: "nobody",
}, },
}, ),
}, },
{ {
name: "root user", name: "root user",
@@ -119,12 +119,12 @@ metadata:
"--user", "root", "--user", "root",
"--security-opt=no-new-privileges", "--security-opt=no-new-privileges",
}, },
instance: Filter{ instance: NewContainer(
ContainerSpec: runtimeutil.ContainerSpec{ runtimeutil.ContainerSpec{
Image: "example.com:version", Image: "example.com:version",
User: "root", User: "root",
}, },
}, ),
}, },
} }
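Review bot: Every case visible in these hunks sets `User` explicitly (`"nobody"` or `"root"`), so the `nobody` default that NewContainer now applies is not exercised by what is shown here. A case that passes only `Image` and expects `"--network", "none"` and `"--user", "nobody"` in the args would pin both fail-closed defaults against a later regression. The table continues outside the hunks, so such a case may already exist.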


@@ -33,6 +33,26 @@ const (
UserNobody ContainerUser = "nobody" UserNobody ContainerUser = "nobody"
) )
// ContainerNetworkName is a type for network name used in container
type ContainerNetworkName string
func (n *ContainerNetworkName) String() string {
return string(*n)
}
func (n *ContainerNetworkName) IsEmpty() bool {
return string(*n) == ""
}
func (n *ContainerNetworkName) Set(s string) {
*n = ContainerNetworkName(s)
}
const (
NetworkNameNone ContainerNetworkName = "none"
NetworkNameEmpty ContainerNetworkName = ""
)
// FunctionSpec defines a spec for running a function // FunctionSpec defines a spec for running a function
type FunctionSpec struct { type FunctionSpec struct {
DeferFailure bool `json:"deferFailure,omitempty" yaml:"deferFailure,omitempty"` DeferFailure bool `json:"deferFailure,omitempty" yaml:"deferFailure,omitempty"`
@@ -75,7 +95,7 @@ type ContainerNetwork struct {
Required bool `json:"required,omitempty" yaml:"required,omitempty"` Required bool `json:"required,omitempty" yaml:"required,omitempty"`
// Name is the name of the network to use from a container // Name is the name of the network to use from a container
Name string `json:"name,omitempty" yaml:"name,omitempty"` Name ContainerNetworkName `json:"name,omitempty" yaml:"name,omitempty"`
} }
// StarlarkSpec defines how to run a function as a starlark program // StarlarkSpec defines how to run a function as a starlark program
@@ -128,7 +148,7 @@ func GetFunctionSpec(n *yaml.RNode) *FunctionSpec {
} }
if fn := getFunctionSpecFromAnnotation(n, meta); fn != nil { if fn := getFunctionSpecFromAnnotation(n, meta); fn != nil {
fn.Container.Network.Name = "" fn.Container.Network.Name = NetworkNameEmpty
fn.StorageMounts = []StorageMount{} fn.StorageMounts = []StorageMount{}
return fn return fn
} }
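Review bot: `String` and `IsEmpty` on ContainerNetworkName are declared with pointer receivers, so a plain ContainerNetworkName value does not satisfy fmt.Stringer, and both methods panic on a nil pointer. Only `Set` needs the pointer; I would write `func (n ContainerNetworkName) String() string { return string(n) }` and the same shape for `IsEmpty`. The three exported methods and the two constants also lack doc comments, e.g. `// NetworkNameNone is passed to docker as --network none, leaving the container without network access.`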


@@ -280,16 +280,12 @@ func (r RunFns) getFunctionFilters(global bool, fns ...*yaml.RNode) (
// TODO(eddiezane): Provide error info about which function needs the network // TODO(eddiezane): Provide error info about which function needs the network
return fltrs, errors.Errorf("network required but not enabled with --network") return fltrs, errors.Errorf("network required but not enabled with --network")
} }
spec.Container.Network.Name = r.NetworkName spec.Container.Network.Name.Set(r.NetworkName)
} }
// command line username has higher priority // command line username has higher priority
if r.User != "" { if r.User != "" {
spec.Container.User = r.User spec.Container.User = r.User
} }
// default user is nobody
if spec.Container.User.IsEmpty() {
spec.Container.User = runtimeutil.UserNobody
}
c, err := r.functionFilterProvider(*spec, api) c, err := r.functionFilterProvider(*spec, api)
if err != nil { if err != nil {
@@ -393,14 +389,13 @@ func (r *RunFns) ffp(spec runtimeutil.FunctionSpec, api *yaml.RNode) (kio.Filter
} }
if !r.DisableContainers && spec.Container.Image != "" { if !r.DisableContainers && spec.Container.Image != "" {
// TODO: Add a test for this behavior // TODO: Add a test for this behavior
cf := &container.Filter{ c := container.NewContainer(runtimeutil.ContainerSpec{
ContainerSpec: runtimeutil.ContainerSpec{ Image: spec.Container.Image,
Image: spec.Container.Image, Network: spec.Container.Network,
Network: spec.Container.Network, StorageMounts: r.StorageMounts,
StorageMounts: r.StorageMounts, User: spec.Container.User,
User: spec.Container.User, })
}, cf := &c
}
cf.Exec.FunctionConfig = api cf.Exec.FunctionConfig = api
cf.Exec.GlobalScope = r.GlobalScope cf.Exec.GlobalScope = r.GlobalScope
cf.Exec.ResultsFile = resultsFile cf.Exec.ResultsFile = resultsFile
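Review bot: `c := container.NewContainer(...)` followed by `cf := &c` is needed only because the constructor returns Filter by value while this code works with a pointer, and it reads like an accident. Either have the constructor return `*Filter`, or add a one-line comment above the call such as `// NewContainer fills in the default user and network name`. The existing `// TODO: Add a test for this behavior` now also covers that defaulting. ffp's body continues outside the hunk.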


@@ -60,7 +60,8 @@ kind:
return return
} }
filter, _ := instance.functionFilterProvider(spec, api) filter, _ := instance.functionFilterProvider(spec, api)
cf := &container.Filter{ContainerSpec: runtimeutil.ContainerSpec{Image: "example.com:version"}} c := container.NewContainer(runtimeutil.ContainerSpec{Image: "example.com:version"})
cf := &c
cf.Exec.FunctionConfig = api cf.Exec.FunctionConfig = api
assert.Equal(t, cf, filter) assert.Equal(t, cf, filter)
} }
@@ -90,7 +91,8 @@ kind:
return return
} }
filter, _ := instance.functionFilterProvider(spec, api) filter, _ := instance.functionFilterProvider(spec, api)
cf := &container.Filter{ContainerSpec: runtimeutil.ContainerSpec{Image: "example.com:version"}} c := container.NewContainer(runtimeutil.ContainerSpec{Image: "example.com:version"})
cf := &c
cf.Exec.FunctionConfig = api cf.Exec.FunctionConfig = api
cf.Exec.GlobalScope = true cf.Exec.GlobalScope = true
assert.Equal(t, cf, filter) assert.Equal(t, cf, filter)