Add bind and bind_read_only parameters, not tested yet
parent
77a2fb9190
commit
cf4285e812
1 changed files with 40 additions and 10 deletions
|
@ -16,6 +16,7 @@ import (
|
||||||
"github.com/hashicorp/nomad/drivers/shared/eventer"
|
"github.com/hashicorp/nomad/drivers/shared/eventer"
|
||||||
"github.com/hashicorp/nomad/drivers/shared/executor"
|
"github.com/hashicorp/nomad/drivers/shared/executor"
|
||||||
"github.com/hashicorp/nomad/drivers/shared/resolvconf"
|
"github.com/hashicorp/nomad/drivers/shared/resolvconf"
|
||||||
|
"github.com/hashicorp/nomad/helper/pluginutils/hclutils"
|
||||||
"github.com/hashicorp/nomad/helper/pluginutils/loader"
|
"github.com/hashicorp/nomad/helper/pluginutils/loader"
|
||||||
"github.com/hashicorp/nomad/helper/pointer"
|
"github.com/hashicorp/nomad/helper/pointer"
|
||||||
"github.com/hashicorp/nomad/plugins/base"
|
"github.com/hashicorp/nomad/plugins/base"
|
||||||
|
@ -76,12 +77,14 @@ var (
|
||||||
// taskConfigSpec is the hcl specification for the driver config section of
|
// taskConfigSpec is the hcl specification for the driver config section of
|
||||||
// a task within a job. It is returned in the TaskConfigSchema RPC
|
// a task within a job. It is returned in the TaskConfigSchema RPC
|
||||||
taskConfigSpec = hclspec.NewObject(map[string]*hclspec.Spec{
|
taskConfigSpec = hclspec.NewObject(map[string]*hclspec.Spec{
|
||||||
"command": hclspec.NewAttr("command", "string", true),
|
"command": hclspec.NewAttr("command", "string", true),
|
||||||
"args": hclspec.NewAttr("args", "list(string)", false),
|
"args": hclspec.NewAttr("args", "list(string)", false),
|
||||||
"pid_mode": hclspec.NewAttr("pid_mode", "string", false),
|
"bind": hclspec.NewAttr("bind", "list(map(string))", false),
|
||||||
"ipc_mode": hclspec.NewAttr("ipc_mode", "string", false),
|
"bind_read_only": hclspec.NewAttr("bind_read_only", "list(map(string))", false),
|
||||||
"cap_add": hclspec.NewAttr("cap_add", "list(string)", false),
|
"pid_mode": hclspec.NewAttr("pid_mode", "string", false),
|
||||||
"cap_drop": hclspec.NewAttr("cap_drop", "list(string)", false),
|
"ipc_mode": hclspec.NewAttr("ipc_mode", "string", false),
|
||||||
|
"cap_add": hclspec.NewAttr("cap_add", "list(string)", false),
|
||||||
|
"cap_drop": hclspec.NewAttr("cap_drop", "list(string)", false),
|
||||||
})
|
})
|
||||||
|
|
||||||
// driverCapabilities represents the RPC response for what features are
|
// driverCapabilities represents the RPC response for what features are
|
||||||
|
@ -179,6 +182,12 @@ type TaskConfig struct {
|
||||||
// Args are passed along to Command.
|
// Args are passed along to Command.
|
||||||
Args []string `codec:"args"`
|
Args []string `codec:"args"`
|
||||||
|
|
||||||
|
// Paths to bind for read-write acess
|
||||||
|
Bind hclutils.MapStrStr `codec:"bind"`
|
||||||
|
|
||||||
|
// Paths to bind for read-only acess
|
||||||
|
BindReadOnly hclutils.MapStrStr `codec:"bind_read_only"`
|
||||||
|
|
||||||
// ModePID indicates whether PID namespace isolation is enabled for the task.
|
// ModePID indicates whether PID namespace isolation is enabled for the task.
|
||||||
// Must be "private" or "host" if set.
|
// Must be "private" or "host" if set.
|
||||||
ModePID string `codec:"pid_mode"`
|
ModePID string `codec:"pid_mode"`
|
||||||
|
@ -235,11 +244,11 @@ func NewPlugin(logger hclog.Logger) drivers.DriverPlugin {
|
||||||
ctx, cancel := context.WithCancel(context.Background())
|
ctx, cancel := context.WithCancel(context.Background())
|
||||||
logger = logger.Named(pluginName)
|
logger = logger.Named(pluginName)
|
||||||
return &Driver{
|
return &Driver{
|
||||||
eventer: eventer.NewEventer(ctx, logger),
|
eventer: eventer.NewEventer(ctx, logger),
|
||||||
tasks: newTaskStore(),
|
tasks: newTaskStore(),
|
||||||
ctx: ctx,
|
ctx: ctx,
|
||||||
signalShutdown: cancel,
|
signalShutdown: cancel,
|
||||||
logger: logger,
|
logger: logger,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -466,6 +475,27 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *drive
|
||||||
cfg.Mounts = append(cfg.Mounts, dnsMount)
|
cfg.Mounts = append(cfg.Mounts, dnsMount)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if driverConfig.Bind != nil {
|
||||||
|
for k, v := range driverConfig.Bind {
|
||||||
|
cfg.Mounts = append(cfg.Mounts, &drivers.MountConfig{
|
||||||
|
TaskPath: v,
|
||||||
|
HostPath: k,
|
||||||
|
Readonly: false,
|
||||||
|
PropagationMode: "private",
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if driverConfig.BindReadOnly != nil {
|
||||||
|
for k, v := range driverConfig.Bind {
|
||||||
|
cfg.Mounts = append(cfg.Mounts, &drivers.MountConfig{
|
||||||
|
TaskPath: v,
|
||||||
|
HostPath: k,
|
||||||
|
Readonly: true,
|
||||||
|
PropagationMode: "private",
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
caps, err := capabilities.Calculate(
|
caps, err := capabilities.Calculate(
|
||||||
capabilities.NomadDefaults(), d.config.AllowCaps, driverConfig.CapAdd, driverConfig.CapDrop,
|
capabilities.NomadDefaults(), d.config.AllowCaps, driverConfig.CapAdd, driverConfig.CapDrop,
|
||||||
)
|
)
|
||||||
|
|
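Review bot: In the StartTask hunk, the loop under `if driverConfig.BindReadOnly != nil` ranges over `driverConfig.Bind`, so `bind_read_only` entries are never mounted and every `bind` entry is appended a second time with `Readonly: true`. It should read `for k, v := range driverConfig.BindReadOnly {`. Separately, both loops copy the job-supplied host path straight into `drivers.MountConfig.HostPath`, and no validation is visible in this hunk, so anyone who can submit a job could get an arbitrary host path bound read-write into the task. Consider gating the feature behind an operator-controlled plugin option (an enable flag or an allowlist of host path prefixes, checked against `d.config`) and rejecting paths that are not absolute and cleaned before appending the mount. StartTask's body starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out from here.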