Add secrets patch to crio

Allows the user to define secret paths in /etc/containers/mounts.conf These are then volume mounted into the container Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-22 11:10:15 -04:00 · 2017-09-22 11:10:15 -04:00 · d5b5028cb9
commit d5b5028cb9
parent d7cbdfce76
7 changed files with 282 additions and 1 deletions
--- a/cmd/crio/config.go
+++ b/cmd/crio/config.go
@ -108,6 +108,9 @@ cgroup_manager = "{{ .CgroupManager }}"
 # hooks_dir_path is the oci hooks directory for automatically executed hooks
 hooks_dir_path = "{{ .HooksDirPath }}"

+# default_mounts_path is the secrets mounts file path
+default_mounts_path = "{{ .DefaultMountsPath }}"
+
 # pids_limit is the number of processes allowed in a container
 pids_limit = {{ .PidsLimit }}

--- a/cmd/crio/main.go
+++ b/cmd/crio/main.go
@ -127,6 +127,9 @@ func mergeConfig(config *server.Config, ctx *cli.Context) error {
 	if ctx.GlobalIsSet("hooks-dir-path") {
 		config.HooksDirPath = ctx.GlobalString("hooks-dir-path")
 	}
+	if ctx.GlobalIsSet("default-mounts-path") {
+		config.DefaultMountsPath = ctx.GlobalString("default-mounts-path")
+	}
 	if ctx.GlobalIsSet("pids-limit") {
 		config.PidsLimit = ctx.GlobalInt64("pids-limit")
 	}
@ -322,6 +325,11 @@ func main() {
 			Value:  libkpod.DefaultHooksDirPath,
 			Hidden: true,
 		},
+		cli.StringFlag{
+			Name:   "default-mounts-path",
+			Usage:  "set the default mounts file path",
+			Hidden: true,
+		},
 		cli.BoolFlag{
 			Name:  "profile",
 			Usage: "enable pprof remote profiler on localhost:6060",