From 58cb57159079cd58145d605a910e5b0f54883146 Mon Sep 17 00:00:00 2001
From: Thorarinn Sigurdsson
Date: Mon, 1 Nov 2021 14:31:20 -0700
Subject: [PATCH] fix(container): propagate privileged flag
The `privileged` config flag for `container` services wasn't resulting in the `allowPrivilegeEscalation` flag being set too. This is fixed here.
---
 core/src/plugins/kubernetes/container/deployment.ts | 2 +-
 core/test/integ/src/plugins/kubernetes/container/deployment.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/src/plugins/kubernetes/container/deployment.ts b/core/src/plugins/kubernetes/container/deployment.ts
index f02de23104..213913c644 100644
--- a/core/src/plugins/kubernetes/container/deployment.ts
+++ b/core/src/plugins/kubernetes/container/deployment.ts
@@ -401,7 +401,7 @@ export async function createWorkloadManifest({
 resources: getResourceRequirements({ cpu, memory }, limits),
 imagePullPolicy: "IfNotPresent",
 securityContext: {
- allowPrivilegeEscalation: false,
+ allowPrivilegeEscalation: spec.privileged || false,
 ...getSecurityContext(spec.privileged, spec.addCapabilities, spec.dropCapabilities),
 },
 }
diff --git a/core/test/integ/src/plugins/kubernetes/container/deployment.ts b/core/test/integ/src/plugins/kubernetes/container/deployment.ts
index 205e19c3f2..34f0ffbac3 100644
--- a/core/test/integ/src/plugins/kubernetes/container/deployment.ts
+++ b/core/test/integ/src/plugins/kubernetes/container/deployment.ts
@@ -198,7 +198,7 @@ describe("kubernetes container deployment handlers", () => {
 })
 expect(resource.spec.template?.spec?.containers[0].securityContext).to.eql({
- allowPrivilegeEscalation: false,
+ allowPrivilegeEscalation: true,
 privileged: true,
 capabilities: {
 add: ["SYS_TIME"],
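Review bot: In the `securityContext` literal of `createWorkloadManifest`, the new `allowPrivilegeEscalation: spec.privileged || false` relaxes a hardening default with no comment saying why, and the `...getSecurityContext(...)` spread that follows it would silently override the value if that helper ever returned the same key (the helper is not visible in this hunk). A comment such as `// Kubernetes rejects privileged: true together with allowPrivilegeEscalation: false, so follow spec.privileged; stays false otherwise` would record the reason. The Kubernetes documentation also describes this flag as always true for containers that have CAP_SYS_ADMIN, so it may be worth checking whether `spec.addCapabilities` needs the same treatment. The integ test hunk only pins the `privileged: true` case; an assertion that the flag stays `false` when `privileged` is unset would guard the default, unless one already exists outside the diff. The function body starts and ends outside the hunk.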