add privileged feature to ephemeral too (#1813)

metalbear-co · Aug 18, 2023 · 3a14a73 · 3a14a73
1 parent e6d422e
commit 3a14a73
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 3 deletions.
diff --git a/changelog.d/1806.added.md b/changelog.d/1806.added.md
@@ -1,2 +1,3 @@
 Add option to run agent container as privileged - `"agent" : {"privileged": true}`
-Should help with Bottlerocket or other secured k8s environments.
+Should help with Bottlerocket or other secured k8s environments.
+Applicable for both job/ephemeral.
diff --git a/mirrord-schema.json b/mirrord-schema.json
@@ -314,7 +314,7 @@
         },
         "privileged": {
           "title": "agent.privileged {#agent-privileged}",
-          "description": "Run the mirror agent as privileged container. (Not applicable when using ephemeral) Defaults to `false`.\n\nMight be needed in strict environments such as Bottlerocket.",
+          "description": "Run the mirror agent as privileged container. Defaults to `false`.\n\nMight be needed in strict environments such as Bottlerocket.",
           "type": [
             "boolean",
             "null"

diff --git a/mirrord/config/src/agent.rs b/mirrord/config/src/agent.rs
@@ -226,7 +226,7 @@ pub struct AgentConfig {
 
     /// ### agent.privileged {#agent-privileged}
     ///
-    /// Run the mirror agent as privileged container. (Not applicable when using ephemeral)
+    /// Run the mirror agent as privileged container.
     /// Defaults to `false`.
     ///
     /// Might be needed in strict environments such as Bottlerocket.

diff --git a/mirrord/kube/src/api/container.rs b/mirrord/kube/src/api/container.rs
@@ -424,6 +424,7 @@ impl ContainerApi for EphemeralContainer {
                 "capabilities": {
                     "add": get_capabilities(agent),
                 },
+                "privileged": agent.privileged,
             },
             "imagePullPolicy": agent.image_pull_policy,
             "targetContainerName": runtime_data.container_name,