github/k3k
1
0
Fork 0
mirror of https://github.com/rancher/k3k.git synced 2026-05-24 10:12:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Custom runtime class and security context (#742)

Browse Source 
* Add experimental runtimeClass and securityContext to spec

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
This commit is contained in:
Hussein Galal
2026-04-09 10:22:46 +02:00
committed by GitHub
parent 1808926d44
commit 96d812a3cb
10 changed files with 724 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
pkg/controller/cluster/server/server.go
View File

@@ -246,6 +246,24 @@ func (s *Server) podSpec(ctx context.Context, image, name string, persistent boo
}
}
securityContext := s.cluster.Spec.SecurityContext
if s.cluster.Status.Policy != nil && s.cluster.Status.Policy.SecurityContext != nil {
log.V(1).Info("Using securityContext configuration from policy", "policyName", s.cluster.Status.PolicyName, "clusterName", s.cluster.Name)
securityContext = s.cluster.Status.Policy.SecurityContext
}
if securityContext != nil {
podSpec.Containers[0].SecurityContext = securityContext
}
runtimeClassName := s.cluster.Spec.RuntimeClassName
if s.cluster.Status.Policy != nil && s.cluster.Status.Policy.RuntimeClassName != nil {
log.V(1).Info("Using runtimeClassName from policy", "policyName", s.cluster.Status.PolicyName, "clusterName", s.cluster.Name)
runtimeClassName = s.cluster.Status.Policy.RuntimeClassName
}
podSpec.RuntimeClassName = runtimeClassName
// specify resource limits if specified for the servers.
if s.cluster.Spec.ServerLimit != nil {
podSpec.Containers[0].Resources = v1.ResourceRequirements{