From f2dc5ef03e21fe8061bd7484162f0eb31da31200 Mon Sep 17 00:00:00 2001
From: kartnico
Date: Sun, 26 Dec 2021 18:09:36 +0100
Subject: [PATCH] feat(ng): manage docker capabilities in ng state
---
 docker/compose/ng.sls | 12 ++++++++++++
 docs/README.rst | 5 +++++
 pillar.example | 5 +++++
 3 files changed, 22 insertions(+)
diff --git a/docker/compose/ng.sls b/docker/compose/ng.sls
index f82f381e..f92fe2ea 100644
--- a/docker/compose/ng.sls
+++ b/docker/compose/ng.sls
@@ -55,6 +55,18 @@ docker-compose-ng-{{ id }}-running:
 - {{ variable }}: {{ value }}
 {%- endfor %}
 {%- endif %}
+ {%- if 'cap_drop' in container and container.cap_drop is iterable %}
+ - cap_drop:
+ {%- for cap in container.cap_drop %}
+ - {{ cap }}
+ {%- endfor %}
+ {%- endif %}
+ {%- if 'cap_add' in container and container.cap_add is iterable %}
+ - cap_add:
+ {%- for cap in container.cap_add %}
+ - {{ cap }}
+ {%- endfor %}
+ {%- endif %}
 {%- if 'ports' in container and container.ports is iterable %}
 - port_bindings:
 {%- for port_mapping in container.ports %}
diff --git a/docs/README.rst b/docs/README.rst
index d81fe5a0..70d7d90f 100644
--- a/docs/README.rst
+++ b/docs/README.rst
@@ -187,6 +187,11 @@ To use this formula, you might target a host with the following pillar:
 STORAGE_PATH: *datapath
 SEARCH_BACKEND: 'sqlalchemy'
 REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: '/registry'
+ cap_add:
+ - ALL
+ cap_drop:
+ - NET_ADMIN
+ - SYS_ADMIN
 ports:
 - 127.0.0.1:5000:5000
 # restart: 'always' # compose v1.9
diff --git a/pillar.example b/pillar.example
index d2e6ef71..d69f1f56 100644
--- a/pillar.example
+++ b/pillar.example
@@ -121,6 +121,11 @@ docker:
 STORAGE_PATH: *datapath
 SEARCH_BACKEND: 'sqlalchemy'
 REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: '/registry'
+ cap_add:
+ - ALL
+ cap_drop:
+ - NET_ADMIN
+ - SYS_ADMIN
 ports:
 - 127.0.0.1:5000:5000
 # restart: 'always' # compose v1.9
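Review bot: The `is iterable` guard on both new blocks in docker/compose/ng.sls is also true for a plain string, so a pillar written as `cap_drop: ALL` would be looped character by character and rendered as `- A`, `- L`, `- L` rather than as one capability. For a setting whose purpose is to remove privileges, it seems safer to require a real list, e.g. `{%- if 'cap_drop' in container and container.cap_drop is iterable and container.cap_drop is not string %}`, with the same change on the `cap_add` condition. The enclosing state `docker-compose-ng-{{ id }}-running` starts and ends outside the hunk, and the neighbouring `ports` block uses the same `is iterable` test, so this may be a formula-wide pattern worth tightening separately.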
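Review bot: The example added to pillar.example (and the identical lines in docs/README.rst) pairs `cap_add: ALL` with a `cap_drop` of only NET_ADMIN and SYS_ADMIN, which leaves the registry container with every other capability, and example pillars are often copied verbatim. A least-privilege example would invert it: a `cap_drop:` list containing `- ALL`, and a `cap_add:` list naming only the capabilities the service actually needs. If the current values are kept purely to show the syntax, a comment above them such as `# syntax illustration only; prefer cap_drop ALL and add back what is required` would make that clear.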