From 6683a38bc83cbe1b02ea1a11848c3d9b88d11def Mon Sep 17 00:00:00 2001 From: Dominik Rosiek Date: Wed, 7 Sep 2022 16:55:37 +0200 Subject: [PATCH] feat: enable privileged mode for container Signed-off-by: Dominik Rosiek --- operator/handler/handler.go | 5 +++++ .../patch_update_1_tailing_sidecar.json | 5 ++++- .../patch_with_2_tailing_sidecars.json | 10 ++++++++-- .../patch_with_3_named_tailing_sidecars.json | 15 +++++++++++--- .../patch_with_3_tailing_sidecars.json | 15 +++++++++++--- ...th_4_named_not_named_tailing_sidecars.json | 20 +++++++++++++++---- 6 files changed, 57 insertions(+), 13 deletions(-) diff --git a/operator/handler/handler.go b/operator/handler/handler.go index 2779cbb9..b5f1c9f8 100644 --- a/operator/handler/handler.go +++ b/operator/handler/handler.go @@ -187,6 +187,8 @@ func (e PodExtender) extendPod(ctx context.Context, pod *corev1.Pod) error { }, }, }) + + privileged := true container := corev1.Container{ Image: e.TailingSidecarImage, @@ -208,6 +210,9 @@ func (e PodExtender) extendPod(ctx context.Context, pod *corev1.Pod) error { MountPath: hostPathMountPath, }, }, + SecurityContext: &corev1.SecurityContext{ + Privileged: &privileged, + }, } containers = append(containers, container) sidecarsCount++ diff --git a/operator/handler/testdata/patch_update_1_tailing_sidecar.json b/operator/handler/testdata/patch_update_1_tailing_sidecar.json index 09cfc156..58fddbd3 100644 --- a/operator/handler/testdata/patch_update_1_tailing_sidecar.json +++ b/operator/handler/testdata/patch_update_1_tailing_sidecar.json @@ -25,7 +25,10 @@ "mountPath": "/tailing-sidecar/var", "name": "volume-sidecar1" } - ] + ], + "securityContext": { + "privileged": true + } } }, { diff --git a/operator/handler/testdata/patch_with_2_tailing_sidecars.json b/operator/handler/testdata/patch_with_2_tailing_sidecars.json index 40e6f993..99554eff 100644 --- a/operator/handler/testdata/patch_with_2_tailing_sidecars.json 
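Review bot: In `extendPod` (operator/handler/handler.go) the second hunk sets `Privileged: &privileged` on every injected tailing sidecar, and the first hunk hard-codes `privileged := true`, so there is no way to opt out. The context lines show the same container mounting `hostPathMountPath`, which suggests a host path volume; a privileged container with a host mount is effectively node-level access for whatever runs in the sidecar image. I would make this an operator setting that defaults to off, read from a new bool field on `PodExtender`, and only assign `container.SecurityContext` when it is set. If the aim is only to read or write the mounted path, a narrower setting (a specific `RunAsUser`, one added capability or an SELinux option) is worth trying before full privileged mode. The commit message does not say why privileged is needed, so a comment such as `// privileged is required because <reason>` above the `SecurityContext` field would help; the body of `extendPod` starts and ends outside both hunks.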
+++ b/operator/handler/testdata/patch_with_2_tailing_sidecars.json
@@ -25,7 +25,10 @@
 "mountPath": "/tailing-sidecar/var",
 "name": "volume-sidecar0"
 }
- ]
+ ],
+ "securityContext": {
+ "privileged": true
+ }
 }
 },
 {
@@ -54,7 +57,10 @@
 "mountPath": "/tailing-sidecar/var",
 "name": "volume-sidecar1"
 }
- ]
+ ],
+ "securityContext": {
+ "privileged": true
+ }
 }
 },
 {
diff --git a/operator/handler/testdata/patch_with_3_named_tailing_sidecars.json b/operator/handler/testdata/patch_with_3_named_tailing_sidecars.json
index 056d65a7..6968cf9e 100644
--- a/operator/handler/testdata/patch_with_3_named_tailing_sidecars.json
+++ b/operator/handler/testdata/patch_with_3_named_tailing_sidecars.json
@@ -25,7 +25,10 @@
 "mountPath": "/tailing-sidecar/var",
 "name": "volume-sidecar0"
 }
- ]
+ ],
+ "securityContext": {
+ "privileged": true
+ }
 }
 },
 {
@@ -54,7 +57,10 @@
 "mountPath": "/tailing-sidecar/var",
 "name": "volume-sidecar1"
 }
- ]
+ ],
+ "securityContext": {
+ "privileged": true
+ }
 }
 },
 {
@@ -83,7 +89,10 @@
 "mountPath": "/tailing-sidecar/var",
 "name": "volume-sidecar2"
 }
- ]
+ ],
+ "securityContext": {
+ "privileged": true
+ }
 }
 },
 {
diff --git a/operator/handler/testdata/patch_with_3_tailing_sidecars.json b/operator/handler/testdata/patch_with_3_tailing_sidecars.json
index f325e26f..8d7e6177 100644
--- a/operator/handler/testdata/patch_with_3_tailing_sidecars.json
+++ b/operator/handler/testdata/patch_with_3_tailing_sidecars.json
@@ -58,7 +58,10 @@
 "mountPath": "/tailing-sidecar/var",
 "name": "volume-sidecar0"
 }
- ]
+ ],
+ "securityContext": {
+ "privileged": true
+ }
 }
 },
 {
@@ -87,7 +90,10 @@
 "mountPath": "/tailing-sidecar/var",
 "name": "volume-sidecar1"
 }
- ]
+ ],
+ "securityContext": {
+ "privileged": true
+ }
 }
 },
 {
@@ -116,7 +122,10 @@
 "mountPath": "/tailing-sidecar/var",
 "name": "volume-sidecar2"
 }
- ]
+ ],
+ "securityContext": {
+ "privileged": true
+ }
 }
 }
 ]
diff --git a/operator/handler/testdata/patch_with_4_named_not_named_tailing_sidecars.json b/operator/handler/testdata/patch_with_4_named_not_named_tailing_sidecars.json
index 1d8ea487..3164d77c 100644
--- a/operator/handler/testdata/patch_with_4_named_not_named_tailing_sidecars.json
+++ b/operator/handler/testdata/patch_with_4_named_not_named_tailing_sidecars.json
@@ -69,7 +69,10 @@
 "mountPath": "/tailing-sidecar/var",
 "name": "volume-sidecar0"
 }
- ]
+ ],
+ "securityContext": {
+ "privileged": true
+ }
 }
 },
 {
@@ -98,7 +101,10 @@
 "mountPath": "/tailing-sidecar/var",
 "name": "volume-sidecar1"
 }
- ]
+ ],
+ "securityContext": {
+ "privileged": true
+ }
 }
 },
 {
@@ -127,7 +133,10 @@
 "mountPath": "/tailing-sidecar/var",
 "name": "volume-sidecar2"
 }
- ]
+ ],
+ "securityContext": {
+ "privileged": true
+ }
 }
 },
 {
@@ -156,7 +165,10 @@
 "mountPath": "/tailing-sidecar/var",
 "name": "volume-sidecar3"
 }
- ]
+ ],
+ "securityContext": {
+ "privileged": true
+ }
 }
 }
 ]