Merge pull request #645 from GLYASAI/privilege

enable privileged for service
2024-12-02 19:57:42 +08:00 · 2020-01-19 13:55:39 +08:00 · 2020-01-19 13:55:39 +08:00 · 3d5ea8ccb3
commit 3d5ea8ccb3
parent 16b8a7f7a5 607d933fa4
4 changed files with 30 additions and 10 deletions
--- a/db/dao/dao.go
+++ b/db/dao/dao.go
@ -298,6 +298,7 @@ type TenantServiceLabelDao interface {
 	DelTenantServiceLabelsByServiceIDKey(serviceID string, labelKey string) error
 	DelTenantServiceLabelsByServiceIDKeyValue(serviceID string, labelKey string, labelValue string) error
 	GetLabelByNodeSelectorKey(serviceID string, labelValue string) (*model.TenantServiceLable, error)
+	GetPrivilegedLabel(serviceID string) (*model.TenantServiceLable, error)
 }

 //LocalSchedulerDao 本地调度信息
--- a/db/model/tenant.go
+++ b/db/model/tenant.go
@ -432,6 +432,9 @@ var LabelKeyServiceAffinity = "service-affinity"
 //LabelKeyServiceAntyAffinity 应用反亲和标签
 var LabelKeyServiceAntyAffinity = "service-anti-affinity"

+// LabelKeyServicePrivileged -
+var LabelKeyServicePrivileged = "privileged"
+
 //TenantServiceProbe 应用探针信息
 type TenantServiceProbe struct {
 	Model
--- a/db/mysql/dao/tenants.go
+++ b/db/mysql/dao/tenants.go
@ -1451,6 +1451,15 @@ func (t *ServiceLabelDaoImpl) GetTenantServiceTypeLabel(serviceID string) (*mode
 	return &label, nil
 }

+// GetPrivilegedLabel -
+func (t *ServiceLabelDaoImpl) GetPrivilegedLabel(serviceID string) (*model.TenantServiceLable, error) {
+	var label model.TenantServiceLable
+	if err := t.DB.Where("service_id=? and label_value=?", serviceID, model.LabelKeyServicePrivileged).Find(&label).Error; err != nil {
+		return nil, err
+	}
+	return &label, nil
+}
+
 //DelTenantServiceLabelsByLabelValuesAndServiceID DELTenantServiceLabelsByLabelvaluesAndServiceID
 func (t *ServiceLabelDaoImpl) DelTenantServiceLabelsByLabelValuesAndServiceID(serviceID string) error {
 	var label model.TenantServiceLable
--- a/worker/appm/conversion/version.go
+++ b/worker/appm/conversion/version.go
@ -20,6 +20,7 @@ package conversion

 import (
 	"fmt"
+	"github.com/jinzhu/gorm"
 	"os"
 	"sort"
 	"strconv"
@ -119,7 +120,8 @@ func getMainContainer(as *v1.AppService, version *dbmodel.VersionInfo, dv *volum
 			imagename = version.DeliveredPath
 		}
 	}
-	return &corev1.Container{
+
+	c := &corev1.Container{
 		Name:           as.ServiceID,
 		Image:          imagename,
 		Args:           args,
@ -129,16 +131,18 @@ func getMainContainer(as *v1.AppService, version *dbmodel.VersionInfo, dv *volum
 		LivenessProbe:  createProbe(as, dbmanager, "liveness"),
 		ReadinessProbe: createProbe(as, dbmanager, "readiness"),
 		Resources:      resources,
-	}, nil
-}
-
-func getenv(key string, envs []corev1.EnvVar) string {
-	for _, env := range envs {
-		if env.Name == key {
-			return env.Value
-		}
 	}
-	return ""
+
+	label, err := dbmanager.TenantServiceLabelDao().GetPrivilegedLabel(as.ServiceID)
+	if err != nil && err != gorm.ErrRecordNotFound {
+		return nil, fmt.Errorf("get privileged label: %v", err)
+	}
+	if label != nil {
+		logrus.Infof("service id: %s; enable privileged.", as.ServiceID)
+		c.SecurityContext = &corev1.SecurityContext{Privileged: util.Bool(true)}
+	}
+
+	return c, nil
 }

 func createArgs(version *dbmodel.VersionInfo, envs []corev1.EnvVar) (args []string) {
@ -650,6 +654,9 @@ func createNodeSelector(as *v1.AppService, dbmanager db.Manager) map[string]stri
 				selector[client.LabelOS] = l.LabelValue
 				continue
 			}
+			if l.LabelValue == model.LabelKeyServicePrivileged {
+				continue
+			}
 			if strings.Contains(l.LabelValue, "=") {
 				kv := strings.SplitN(l.LabelValue, "=", 1)
 				selector[kv[0]] = kv[1]