feat: support container security context

bentoml · Dec 6, 2022 · 547319a · 547319a
1 parent ae4fb4e
commit 547319a
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/controllers/bentodeployment_controller.go b/controllers/bentodeployment_controller.go
@@ -1614,6 +1614,22 @@ func (r *BentoDeploymentReconciler) generatePodTemplateSpec(ctx context.Context,
 		},
 	}
 
+	if resourceAnnotations["yatai.ai/enable-container-privileged"] == consts.KubeLabelTrue {
+		if container.SecurityContext == nil {
+			container.SecurityContext = &corev1.SecurityContext{}
+		}
+		container.SecurityContext.Privileged = &[]bool{true}[0]
+	}
+
+	if resourceAnnotations["yatai.ai/enable-container-ptrace"] == consts.KubeLabelTrue {
+		if container.SecurityContext == nil {
+			container.SecurityContext = &corev1.SecurityContext{}
+		}
+		container.SecurityContext.Capabilities = &corev1.Capabilities{
+			Add: []corev1.Capability{"SYS_PTRACE"},
+		}
+	}
+
 	containers = append(containers, container)
 
 	metricsPort := containerPort + 1