Skip to content

Commit

Permalink
Kube Gen run as user/group issues
Browse files Browse the repository at this point in the history
Removed the inclusion of RunAsUser or RunAsGroup unless a container is run with the --user flag. When building from an image
the user will be pulled from there anyway

resolves containers#11914

Signed-off-by: cdoern <[email protected]>
  • Loading branch information
cdoern authored and mheon committed Oct 19, 2021
1 parent 3082ba8 commit 16fb416
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 1 deletion.
4 changes: 4 additions & 0 deletions libpod/kube.go
Original file line number Diff line number Diff line change
Expand Up @@ -485,6 +485,10 @@ func containerToV1Container(ctx context.Context, c *Container) (v1.Container, []
kubeContainer.Command = nil
}

if imgData.User == c.User() {
kubeSec.RunAsGroup, kubeSec.RunAsUser = nil, nil
}

kubeContainer.WorkingDir = c.WorkingDir()
kubeContainer.Ports = ports
// This should not be applicable
Expand Down
2 changes: 1 addition & 1 deletion test/e2e/generate_kube_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -942,7 +942,7 @@ USER test1`
pod := new(v1.Pod)
err = yaml.Unmarshal(kube.Out.Contents(), pod)
Expect(err).To(BeNil())
Expect(*pod.Spec.Containers[0].SecurityContext.RunAsUser).To(Equal(int64(10001)))
Expect(pod.Spec.Containers[0].SecurityContext.RunAsUser).To(BeNil())
})

It("podman generate kube on named volume", func() {
Expand Down

0 comments on commit 16fb416

Please sign in to comment.