Add SecurityContext to TaskSpec

tektoncd · Apr 3, 2019 · fba036a · fba036a
1 parent 9428c43
commit fba036a
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 0 deletions.
diff --git a/docs/tasks.md b/docs/tasks.md
@@ -73,6 +73,9 @@ following fields:
     by your `Task`
   - [`volumes`](#volumes) - Specifies one or more volumes that you want to make
     available to your build.
+  - [`securityContext`] - SecurityContext holds pod-level security attributes and 
+    common container settings. Defaults to empty.  See type description for default  
+    values of each field.
 
 [kubernetes-overview]:
   https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/#required-fields

diff --git a/pkg/apis/pipeline/v1alpha1/task_types.go b/pkg/apis/pipeline/v1alpha1/task_types.go
@@ -49,6 +49,10 @@ type TaskSpec struct {
 	// Volumes is a collection of volumes that are available to mount into the
 	// steps of the build.
 	Volumes []corev1.Volume `json:"volumes,omitempty"`
+	// SecurityContext holds pod-level security attributes and common container settings.
+	// Optional: Defaults to empty.  See type description for default values of each field.
+	// +optional
+	SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"`
 }
 
 // Check that Task may be validated and defaulted.

diff --git a/pkg/apis/pipeline/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/pipeline/v1alpha1/zz_generated.deepcopy.go
diff --git a/pkg/reconciler/v1alpha1/taskrun/resources/pod.go b/pkg/reconciler/v1alpha1/taskrun/resources/pod.go
@@ -246,6 +246,7 @@ func MakePod(taskRun *v1alpha1.TaskRun, taskSpec v1alpha1.TaskSpec, kubeclient k
 			Containers:         podContainers,
 			ServiceAccountName: taskRun.Spec.ServiceAccount,
 			Volumes:            volumes,
+			SecurityContext:    taskSpec.SecurityContext,
 			NodeSelector:       taskRun.Spec.NodeSelector,
 			Affinity:           taskRun.Spec.Affinity,
 		},