Skip to content

Commit 31587ee

Browse files
chensjlvchensjlv
committed
add shareProcessNamespace to pod spec
Signed-off-by: Mike Chen <[email protected]>
1 parent 6b8a23b commit 31587ee

11 files changed

+168
-0
lines changed

src/pod.ts

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,7 @@ export abstract class AbstractPod extends base.Resource implements IPodSelector,
1919
public readonly dns: PodDns;
2020
public readonly dockerRegistryAuth?: secret.ISecret;
2121
public readonly automountServiceAccountToken: boolean;
22+
public readonly shareProcessNamespace: boolean;
2223
public readonly hostNetwork?: boolean;
2324
public readonly terminationGracePeriod?: Duration;
2425

@@ -40,6 +41,7 @@ export abstract class AbstractPod extends base.Resource implements IPodSelector,
4041
this.dns = new PodDns(props.dns);
4142
this.dockerRegistryAuth = props.dockerRegistryAuth;
4243
this.automountServiceAccountToken = props.automountServiceAccountToken ?? false;
44+
this.shareProcessNamespace = props.shareProcessNamespace ?? false;
4345
this.isolate = props.isolate ?? false;
4446
this.hostNetwork = props.hostNetwork ?? false;
4547
this.terminationGracePeriod = props.terminationGracePeriod ?? Duration.seconds(30);
@@ -238,6 +240,7 @@ export abstract class AbstractPod extends base.Resource implements IPodSelector,
238240
setHostnameAsFqdn: dns.hostnameAsFQDN,
239241
imagePullSecrets: this.dockerRegistryAuth ? [{ name: this.dockerRegistryAuth.name }] : undefined,
240242
automountServiceAccountToken: this.automountServiceAccountToken,
243+
shareProcessNamespace: this.shareProcessNamespace,
241244
hostNetwork: this.hostNetwork,
242245
terminationGracePeriodSeconds: this.terminationGracePeriod?.toSeconds(),
243246
};
@@ -426,6 +429,14 @@ export interface AbstractPodProps extends base.ResourceProps {
426429
*/
427430
readonly automountServiceAccountToken?: boolean;
428431

432+
/**
433+
* When process namespace sharing is enabled, processes in a container are visible to all other containers in the same pod.
434+
*
435+
* @default false
436+
* @see https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
437+
*/
438+
readonly shareProcessNamespace?: boolean;
439+
429440
/**
430441
* Isolates the pod. This will prevent any ingress or egress connections to / from this pod.
431442
* You can however allow explicit connections post instantiation by using the `.connections` property.

test/__snapshots__/container.test.ts.snap

Lines changed: 4 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

test/__snapshots__/cron-job.test.ts.snap

Lines changed: 3 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

test/__snapshots__/daemon-set.test.ts.snap

Lines changed: 3 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

test/__snapshots__/deployment.test.ts.snap

Lines changed: 23 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)