diff --git a/Godeps/_workspace/src/k8s.io/kubernetes/api/swagger-spec/v1.json b/Godeps/_workspace/src/k8s.io/kubernetes/api/swagger-spec/v1.json index d0b7ceb3e84f..7f819c50d56f 100644 --- a/Godeps/_workspace/src/k8s.io/kubernetes/api/swagger-spec/v1.json +++ b/Godeps/_workspace/src/k8s.io/kubernetes/api/swagger-spec/v1.json @@ -13061,6 +13061,11 @@ "$ref": "integer" }, "description": "SupplementalGroups can be used to specify a list of additional groups which the main container process will run as. This will be applied to all containers in the pod in addition to the primary group of the cotainer." + }, + "fsGroup": { + "type": "integer", + "format": "int64", + "description": "FSGroup is a special supplemental group that all containers in a pod run as. If FSGroup is set, the kubelet will make the volumes the pod has exclusive ownership of owned by this group and set the setgid bit on the volume directory so that new files created in the volume are also owned by the FS group. If FSGroup is not set, the kubelet will not change the ownership of any volumes." } } }, diff --git a/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/deep_copy_generated.go b/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/deep_copy_generated.go index ab31b8b25ab8..ba9d1c716333 100644 --- a/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/deep_copy_generated.go +++ b/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/deep_copy_generated.go @@ -1397,6 +1397,12 @@ func deepCopy_api_PodSecurityContext(in PodSecurityContext, out *PodSecurityCont } else { out.SupplementalGroups = nil } + if in.FSGroup != nil { + out.FSGroup = new(int) + *out.FSGroup = *in.FSGroup + } else { + out.FSGroup = nil + } return nil } diff --git a/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/types.go b/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/types.go index 70f5c2bb7bdc..a299d75616c1 100644 --- a/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/types.go +++ b/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/types.go @@ -1007,6 +1007,14 @@ type PodSecurityContext struct { // as. This will be applied to all containers in the pod in // addition to the primary group of the cotainer. SupplementalGroups []int `json:"supplementalGroups,omitempty"` + + // FSGroup is a special supplemental group that all containers in a pod + // run as. If FSGroup is set, the kubelet will make the volumes the pod + // has exclusive ownership of owned by this group and set the setgid bit + // on the volume directory so that new files created in the volume are + // also owned by the FS group. If FSGroup is not set, the kubelet will not + // change the ownership of any volumes. + FSGroup *int `json:"fsGroup,omitempty"` } // PodStatus represents information about the status of a pod. Status may trail the actual diff --git a/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/v1/conversion.go b/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/v1/conversion.go index 4c492f1ae806..4a161a64ec6c 100644 --- a/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/v1/conversion.go +++ b/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/v1/conversion.go @@ -289,6 +289,8 @@ func convert_api_PodSpec_To_v1_PodSpec(in *api.PodSpec, out *PodSpec, s conversi return err } + // the host namespace fields have to be handled here for backward compatibilty + // with v1.0.0 out.HostPID = in.SecurityContext.HostPID out.HostNetwork = in.SecurityContext.HostNetwork out.HostIPC = in.SecurityContext.HostIPC @@ -375,6 +377,9 @@ func convert_v1_PodSpec_To_api_PodSpec(in *PodSpec, out *api.PodSpec, s conversi return err } } + + // the host namespace fields have to be handled specially for backward compatibility + // with v1.0.0 if out.SecurityContext == nil { out.SecurityContext = new(api.PodSecurityContext) } @@ -494,6 +499,10 @@ func convert_api_PodSecurityContext_To_v1_PodSecurityContext(in *api.PodSecurity } out.SupplementalGroups = in.SupplementalGroups + if in.FSGroup != nil { + out.FSGroup = new(int) + *out.FSGroup = *in.FSGroup + } return nil } @@ -503,5 +512,9 @@ func convert_v1_PodSecurityContext_To_api_PodSecurityContext(in *PodSecurityCont } out.SupplementalGroups = in.SupplementalGroups + if in.FSGroup != nil { + out.FSGroup = new(int) + *out.FSGroup = *in.FSGroup + } return nil } diff --git a/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/v1/deep_copy_generated.go b/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/v1/deep_copy_generated.go index af43dd1a0938..dc3af47602cb 100644 --- a/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/v1/deep_copy_generated.go +++ b/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/v1/deep_copy_generated.go @@ -1415,6 +1415,12 @@ func deepCopy_v1_PodSecurityContext(in PodSecurityContext, out *PodSecurityConte } else { out.SupplementalGroups = nil } + if in.FSGroup != nil { + out.FSGroup = new(int) + *out.FSGroup = *in.FSGroup + } else { + out.FSGroup = nil + } return nil } diff --git a/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/v1/types.go b/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/v1/types.go index 8a4b41e69158..cc3029313fb0 100644 --- a/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/v1/types.go +++ b/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/v1/types.go @@ -1257,6 +1257,14 @@ type PodSecurityContext struct { // as. This will be applied to all containers in the pod in // addition to the primary group of the cotainer. SupplementalGroups []int `json:"supplementalGroups,omitempty"` + + // FSGroup is a special supplemental group that all containers in a pod + // run as. If FSGroup is set, the kubelet will make the volumes the pod + // has exclusive ownership of owned by this group and set the setgid bit + // on the volume directory so that new files created in the volume are + // also owned by the FS group. If FSGroup is not set, the kubelet will not + // change the ownership of any volumes. + FSGroup *int `json:"fsGroup,omitempty"` } // PodStatus represents information about the status of a pod. Status may trail the actual diff --git a/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/v1/types_swagger_doc_generated.go b/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/v1/types_swagger_doc_generated.go index 7753b83086ff..8fb6037f44c9 100644 --- a/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/v1/types_swagger_doc_generated.go +++ b/Godeps/_workspace/src/k8s.io/kubernetes/pkg/api/v1/types_swagger_doc_generated.go @@ -944,6 +944,7 @@ func (PodProxyOptions) SwaggerDoc() map[string]string { var map_PodSecurityContext = map[string]string{ "": "PodSecurityContext holds pod-level security attributes and common container settings.", "supplementalGroups": "SupplementalGroups can be used to specify a list of additional groups which the main container process will run as. This will be applied to all containers in the pod in addition to the primary group of the cotainer.", + "fsGroup": "FSGroup is a special supplemental group that all containers in a pod run as. If FSGroup is set, the kubelet will make the volumes the pod has exclusive ownership of owned by this group and set the setgid bit on the volume directory so that new files created in the volume are also owned by the FS group. If FSGroup is not set, the kubelet will not change the ownership of any volumes.", } func (PodSecurityContext) SwaggerDoc() map[string]string {