
Example 1 with SecurityContextConstraints

use of io.fabric8.openshift.api.model.SecurityContextConstraints in project fabric8 by fabric8io.

the class SessionListener method generateServiceAccount.

/**
 * Makes sure a SecurityContextConstraints object named after the session namespace exists and
 * that the named service account exists in that namespace with references to the given secrets.
 *
 * <p>The SCC is only created when no object of that name is found. The service account is
 * created when missing, otherwise replaced with a copy that has the secret references appended.
 *
 * <p>NOTE(review): the SCC created here allows privileged containers and host directory volumes
 * and sets both runAsUser and seLinuxContext to "RunAsAny". That is a broad grant for the single
 * service account listed in {@code users}. SCCs are cluster-scoped in OpenShift, and no cleanup
 * is visible in this method, so confirm that the object is removed together with the session
 * namespace.
 *
 * @param client             client used for every lookup, create and replace call
 * @param session            supplies the namespace, which is also used as the SCC name
 * @param secrets            secrets the service account should reference
 * @param serviceAccountName name of the service account to create or update
 */
private void generateServiceAccount(KubernetesClient client, Session session, Set<Secret> secrets, String serviceAccountName) {
    final String namespace = session.getNamespace();

    // One reference per secret, each pointing into the session namespace.
    List<ObjectReference> secretRefs = new ArrayList<>();
    for (Secret secret : secrets) {
        ObjectReference reference = new ObjectReferenceBuilder()
                .withNamespace(namespace)
                .withName(KubernetesHelper.getName(secret))
                .build();
        secretRefs.add(reference);
    }

    // The SCC shares its name with the namespace. An SCC that already exists is left untouched,
    // so the service account ends up in its users list only when this call creates the object.
    SecurityContextConstraints existingScc = client.securityContextConstraints().withName(namespace).get();
    if (existingScc == null) {
        String sccUser = "system:serviceaccount:" + namespace + ":" + serviceAccountName;
        client.securityContextConstraints().createNew()
                .withNewMetadata()
                    .withName(namespace)
                .endMetadata()
                .withAllowHostDirVolumePlugin(true)
                .withAllowPrivilegedContainer(true)
                .withNewRunAsUser()
                    .withType("RunAsAny")
                .endRunAsUser()
                .withNewSeLinuxContext()
                    .withType("RunAsAny")
                .endSeLinuxContext()
                .withUsers(sccUser)
                .done();
    }

    ServiceAccount existingAccount = client.serviceAccounts().inNamespace(namespace).withName(serviceAccountName).get();
    if (existingAccount != null) {
        // NOTE(review): withNewMetadata() appears to start from an empty metadata object, so
        // metadata other than the name is presumably not carried over from the fetched account,
        // and addToSecrets appends without checking for references already present - confirm.
        ServiceAccount updatedAccount = new ServiceAccountBuilder(existingAccount)
                .withNewMetadata()
                    .withName(serviceAccountName)
                .endMetadata()
                .addToSecrets(secretRefs.toArray(new ObjectReference[0]))
                .build();
        client.serviceAccounts().inNamespace(namespace).withName(serviceAccountName).replace(updatedAccount);
        return;
    }

    client.serviceAccounts().inNamespace(namespace).createNew()
            .withNewMetadata()
                .withName(serviceAccountName)
            .endMetadata()
            .withSecrets(secretRefs)
            .done();
}
Also used : SecurityContextConstraints(io.fabric8.openshift.api.model.SecurityContextConstraints)

Example 2 with SecurityContextConstraints

use of io.fabric8.openshift.api.model.SecurityContextConstraints in project syndesis-qe by syndesisio.

the class SFTP method deploy.

/**
 * Deploys the SFTP test server: creates its service account, adjusts the "anyuid" SCC, and,
 * unless {@code isDeployed()} reports true, creates or replaces the DeploymentConfig and the
 * Service that exposes the SFTP port.
 *
 * <p>NOTE(review): both SCC edits run on every call, before the {@code isDeployed()} check.
 * They modify the "anyuid" SCC itself rather than a dedicated copy: the service account is
 * added to its users, and SYS_CHROOT is added to its defaultAddCapabilities, which would apply
 * to every workload admitted under "anyuid", not only this pod. No revert is visible here.
 * A dedicated SCC for this service account would keep the change scoped - confirm intent.
 */
@Override
public void deploy() {
    // preparation for our specific SFTP image to fit Openshift requirements:
    OpenShiftUtils.getInstance().serviceAccounts().createNew()
            .withNewMetadata()
                .withName(serviceAccountName)
            .endMetadata()
            .addToImagePullSecrets(new LocalObjectReference(TestConfiguration.syndesisPullSecretName()))
            .done();
    OpenShiftUtils.getInstance().securityContextConstraints().withName("anyuid").edit()
            .addNewUser("system:serviceaccount:" + TestConfiguration.openShiftNamespace() + ":" + serviceAccountName)
            .done();
    OpenShiftUtils.getInstance().securityContextConstraints().withName("anyuid").edit()
            .addToDefaultAddCapabilities("SYS_CHROOT")
            .done();

    if (isDeployed()) {
        return;
    }

    List<ContainerPort> containerPorts = new LinkedList<>();
    ContainerPort sftpContainerPort = new ContainerPortBuilder()
            .withName("sftp-cmd")
            .withContainerPort(sftpPort)
            .withProtocol("TCP")
            .build();
    containerPorts.add(sftpContainerPort);

    // NOTE(review): the SFTP credentials are passed as a plain environment variable, so they
    // are stored in the DeploymentConfig spec; a Secret reference would keep them out of it.
    List<EnvVar> containerEnv = new ArrayList<>();
    containerEnv.add(new EnvVar("SFTP_USERS", userAndPassword, null));

    // NOTE(review): the image is referenced by the mutable ":latest" tag, so the deployed
    // content can change between runs; pinning a digest would make the deployment reproducible.
    OpenShiftUtils.getInstance().deploymentConfigs().createOrReplaceWithNew()
            .editOrNewMetadata()
                .withName(appName)
                .addToLabels(labelName, appName)
            .endMetadata()
            .editOrNewSpec()
                .addToSelector(labelName, appName)
                .withReplicas(1)
                .editOrNewTemplate()
                    .editOrNewMetadata()
                        .addToLabels(labelName, appName)
                    .endMetadata()
                    .editOrNewSpec()
                        .addNewContainer()
                            .withName(appName)
                            .withImage("quay.io/syndesis_qe/sftpd-alp:latest")
                            .addAllToPorts(containerPorts)
                            .addAllToEnv(containerEnv)
                        .endContainer()
                        .withServiceAccount(serviceAccountName)
                    .endSpec()
                .endTemplate()
                .addNewTrigger()
                    .withType("ConfigChange")
                .endTrigger()
            .endSpec()
            .done();

    // The Service selects the pods by the same label and forwards the SFTP port unchanged.
    ServiceSpecBuilder serviceSpec = new ServiceSpecBuilder().addToSelector(labelName, appName);
    serviceSpec.addToPorts(new ServicePortBuilder()
            .withName("sftp-cmd")
            .withPort(sftpPort)
            .withTargetPort(new IntOrString(sftpPort))
            .build());
    OpenShiftUtils.getInstance().services().createOrReplaceWithNew()
            .editOrNewMetadata()
                .withName(appName)
                .addToLabels(labelName, appName)
            .endMetadata()
            .editOrNewSpecLike(serviceSpec.build())
            .endSpec()
            .done();
}
Also used : ServiceSpecBuilder(io.fabric8.kubernetes.api.model.ServiceSpecBuilder) ServicePortBuilder(io.fabric8.kubernetes.api.model.ServicePortBuilder) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) LocalObjectReference(io.fabric8.kubernetes.api.model.LocalObjectReference) ContainerPortBuilder(io.fabric8.kubernetes.api.model.ContainerPortBuilder) ContainerPort(io.fabric8.kubernetes.api.model.ContainerPort) ArrayList(java.util.ArrayList) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) LinkedList(java.util.LinkedList)
