Skip to content

Commit

Permalink
add shareProcessNamespace to pod spec
Browse files Browse the repository at this point in the history
  • Loading branch information
chensjlv committed Nov 13, 2024
1 parent 868f66c commit e607bc5
Show file tree
Hide file tree
Showing 11 changed files with 169 additions and 0 deletions.
11 changes: 11 additions & 0 deletions src/pod.ts
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ export abstract class AbstractPod extends base.Resource implements IPodSelector,
public readonly dns: PodDns;
public readonly dockerRegistryAuth?: secret.ISecret;
public readonly automountServiceAccountToken: boolean;
public readonly shareProcessNamespace: boolean;
public readonly hostNetwork?: boolean;
public readonly terminationGracePeriod?: Duration;

Expand All @@ -40,6 +41,7 @@ export abstract class AbstractPod extends base.Resource implements IPodSelector,
this.dns = new PodDns(props.dns);
this.dockerRegistryAuth = props.dockerRegistryAuth;
this.automountServiceAccountToken = props.automountServiceAccountToken ?? false;
this.shareProcessNamespace = props.shareProcessNamespace ?? false;
this.isolate = props.isolate ?? false;
this.hostNetwork = props.hostNetwork ?? false;
this.terminationGracePeriod = props.terminationGracePeriod ?? Duration.seconds(30);
Expand Down Expand Up @@ -249,6 +251,7 @@ export abstract class AbstractPod extends base.Resource implements IPodSelector,
setHostnameAsFqdn: dns.hostnameAsFQDN,
imagePullSecrets: this.dockerRegistryAuth ? [{ name: this.dockerRegistryAuth.name }] : undefined,
automountServiceAccountToken: this.automountServiceAccountToken,
shareProcessNamespace: this.shareProcessNamespace,
hostNetwork: this.hostNetwork,
terminationGracePeriodSeconds: this.terminationGracePeriod?.toSeconds(),
};
Expand Down Expand Up @@ -437,6 +440,14 @@ export interface AbstractPodProps extends base.ResourceProps {
*/
readonly automountServiceAccountToken?: boolean;

/**
* When process namespace sharing is enabled, processes in a container are visible to all other containers in the same pod.
*
* @default false
* @see https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
*/
readonly shareProcessNamespace?: boolean;

/**
* Isolates the pod. This will prevent any ingress or egress connections to / from this pod.
* You can however allow explicit connections post instantiation by using the `.connections` property.
Expand Down
5 changes: 5 additions & 0 deletions test/__snapshots__/container.test.ts.snap

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 3 additions & 0 deletions test/__snapshots__/cron-job.test.ts.snap

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 3 additions & 0 deletions test/__snapshots__/daemon-set.test.ts.snap

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

23 changes: 23 additions & 0 deletions test/__snapshots__/deployment.test.ts.snap

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit e607bc5

Please sign in to comment.