fix(container): propagate privileged flag

The `privileged` config flag for `container` services wasn't resulting in the `allowPrivilegeEscalation` flag being set too. This is fixed here.
garden-io · Nov 1, 2021 · 58cb571 · 58cb571
1 parent 4304c42
commit 58cb571
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/core/src/plugins/kubernetes/container/deployment.ts b/core/src/plugins/kubernetes/container/deployment.ts
@@ -401,7 +401,7 @@ export async function createWorkloadManifest({
     resources: getResourceRequirements({ cpu, memory }, limits),
     imagePullPolicy: "IfNotPresent",
     securityContext: {
-      allowPrivilegeEscalation: false,
+      allowPrivilegeEscalation: spec.privileged || false,
       ...getSecurityContext(spec.privileged, spec.addCapabilities, spec.dropCapabilities),
     },
   }

diff --git a/core/test/integ/src/plugins/kubernetes/container/deployment.ts b/core/test/integ/src/plugins/kubernetes/container/deployment.ts
@@ -198,7 +198,7 @@ describe("kubernetes container deployment handlers", () => {
       })
 
       expect(resource.spec.template?.spec?.containers[0].securityContext).to.eql({
-        allowPrivilegeEscalation: false,
+        allowPrivilegeEscalation: true,
         privileged: true,
         capabilities: {
           add: ["SYS_TIME"],