Skip to content

Commit 30a490a

Browse files
authored
Merge pull request #1121 from stashed/baseline-psp
Co-authored-by: Tamal Saha <tamal@appscode.com>
2 parents cf1538a + 419a18e commit 30a490a

File tree

3 files changed

+19
-18
lines changed

3 files changed

+19
-18
lines changed

pkg/cmds/server/options.go

Lines changed: 11 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,6 @@ limitations under the License.
1717
package server
1818

1919
import (
20-
"flag"
2120
"fmt"
2221
"time"
2322

@@ -46,6 +45,9 @@ type ExtraOptions struct {
4645
ResyncPeriod time.Duration
4746
EnableValidatingWebhook bool
4847
EnableMutatingWebhook bool
48+
CronJobPSPNames []string
49+
BackupJobPSPNames []string
50+
RestoreJobPSPNames []string
4951
}
5052

5153
func NewExtraOptions() *ExtraOptions {
@@ -61,7 +63,7 @@ func NewExtraOptions() *ExtraOptions {
6163
}
6264
}
6365

64-
func (s *ExtraOptions) AddGoFlags(fs *flag.FlagSet) {
66+
func (s *ExtraOptions) AddFlags(fs *pflag.FlagSet) {
6567
fs.StringVar(&s.ScratchDir, "scratch-dir", s.ScratchDir, "Directory used to store temporary files. Use an `emptyDir` in Kubernetes.")
6668
fs.StringVar(&s.StashImageTag, "image-tag", s.StashImageTag, "Image tag for sidecar, init-container, check-job and recovery-job")
6769
fs.StringVar(&s.DockerRegistry, "docker-registry", s.DockerRegistry, "Docker image registry for sidecar, init-container, check-job, recovery-job and kubectl-job")
@@ -72,12 +74,10 @@ func (s *ExtraOptions) AddGoFlags(fs *flag.FlagSet) {
7274

7375
fs.BoolVar(&s.EnableMutatingWebhook, "enable-mutating-webhook", s.EnableMutatingWebhook, "If true, enables mutating webhooks for KubeDB CRDs.")
7476
fs.BoolVar(&s.EnableValidatingWebhook, "enable-validating-webhook", s.EnableValidatingWebhook, "If true, enables validating webhooks for KubeDB CRDs.")
75-
}
7677

77-
func (s *ExtraOptions) AddFlags(fs *pflag.FlagSet) {
78-
pfs := flag.NewFlagSet("stash", flag.ExitOnError)
79-
s.AddGoFlags(pfs)
80-
fs.AddGoFlagSet(pfs)
78+
fs.StringSliceVar(&s.CronJobPSPNames, "cron-job-psp", s.CronJobPSPNames, "Name of the PSPs for backup triggering CronJob. Use comma to separate multiple PSP names.")
79+
fs.StringSliceVar(&s.BackupJobPSPNames, "backup-job-psp", s.BackupJobPSPNames, "Name of the PSPs for backup job. Use comma to separate multiple PSP names.")
80+
fs.StringSliceVar(&s.RestoreJobPSPNames, "restore-job-psp", s.RestoreJobPSPNames, "Name of the PSPs for restore job. Use comma to separate multiple PSP names.")
8181
}
8282

8383
func (s *ExtraOptions) ApplyTo(cfg *controller.Config) error {
@@ -93,6 +93,10 @@ func (s *ExtraOptions) ApplyTo(cfg *controller.Config) error {
9393
cfg.EnableMutatingWebhook = s.EnableMutatingWebhook
9494
cfg.EnableValidatingWebhook = s.EnableValidatingWebhook
9595

96+
cfg.CronJobPSPNames = s.CronJobPSPNames
97+
cfg.BackupJobPSPNames = s.BackupJobPSPNames
98+
cfg.RestoreJobPSPNames = s.RestoreJobPSPNames
99+
96100
if cfg.KubeClient, err = kubernetes.NewForConfig(cfg.ClientConfig); err != nil {
97101
return err
98102
}

pkg/controller/config.go

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -52,6 +52,9 @@ type config struct {
5252
ResyncPeriod time.Duration
5353
EnableValidatingWebhook bool
5454
EnableMutatingWebhook bool
55+
CronJobPSPNames []string
56+
BackupJobPSPNames []string
57+
RestoreJobPSPNames []string
5558
}
5659

5760
type Config struct {

pkg/controller/psp.go

Lines changed: 5 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -24,21 +24,15 @@ import (
2424
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
2525
)
2626

27-
const (
28-
DefaultBackupSessionCronJobPSPName = "stash-backupsession-cron"
29-
DefaultBackupJobPSPName = "stash-backup-job"
30-
DefaultRestoreJobPSPName = "stash-restore-job"
31-
)
32-
3327
func (c *StashController) getBackupSessionCronJobPSPNames() []string {
3428
// BackupSession cron does not need any custom PSP. So, default minimum privileged
35-
return []string{DefaultBackupSessionCronJobPSPName}
29+
return c.CronJobPSPNames
3630
}
3731

3832
func (c *StashController) getBackupJobPSPNames(taskRef api_v1beta1.TaskRef) ([]string, error) {
3933
// if task field is empty then return default backup job psp
4034
if taskRef.Name == "" {
41-
return []string{DefaultBackupJobPSPName}, nil
35+
return c.BackupJobPSPNames, nil
4236
}
4337

4438
// find out task and then functions. finally, get psp names from the functions
@@ -63,13 +57,13 @@ func (c *StashController) getBackupJobPSPNames(taskRef api_v1beta1.TaskRef) ([]s
6357
}
6458

6559
// if no PSP name is specified, then return default PSP for backup job
66-
return []string{DefaultBackupJobPSPName}, nil
60+
return c.BackupJobPSPNames, nil
6761
}
6862

6963
func (c *StashController) getRestoreJobPSPNames(restoreSession *api_v1beta1.RestoreSession) ([]string, error) {
7064
// if task field is empty then return default restore job psp
7165
if restoreSession.Spec.Task.Name == "" {
72-
return []string{DefaultRestoreJobPSPName}, nil
66+
return c.RestoreJobPSPNames, nil
7367
}
7468

7569
// find out task and then functions. finally, get psp names from the functions
@@ -94,5 +88,5 @@ func (c *StashController) getRestoreJobPSPNames(restoreSession *api_v1beta1.Rest
9488
}
9589

9690
// if no PSP name is specified, then return default PSP for restore job
97-
return []string{DefaultRestoreJobPSPName}, nil
91+
return c.RestoreJobPSPNames, nil
9892
}

0 commit comments

Comments
 (0)