use of io.kubernetes.client.openapi.models.V1SecurityContext in project submarine by apache.
the class SSHGitCodeLocalizer method localize.
@Override
public void localize(V1PodSpec podSpec) {
super.localize(podSpec);
for (V1Container container : podSpec.getInitContainers()) {
if (container.getName().equals(CODE_LOCALIZER_INIT_CONTAINER_NAME)) {
List<V1EnvVar> gitSyncEnvVars = container.getEnv();
V1EnvVar sshEnv = new V1EnvVar();
sshEnv.setName(GIT_SYNC_SSH_NAME);
sshEnv.setValue(GIT_SYNC_SSH_VALUE);
gitSyncEnvVars.add(sshEnv);
List<V1VolumeMount> mounts = container.getVolumeMounts();
V1VolumeMount mount = new V1VolumeMount();
mount.setName(GIT_SECRET_MOUNT_NAME);
mount.setMountPath(GIT_SECRET_PATH);
mount.setReadOnly(true);
mounts.add(mount);
V1SecurityContext containerSecurityContext = new V1SecurityContext();
containerSecurityContext.setRunAsUser(SSHGitCodeLocalizer.GIT_SYNC_USER);
container.setSecurityContext(containerSecurityContext);
}
}
}
Aggregations