Add runAsUser and runAsGroup under setSecurityContext flag

tektoncd · Aug 16, 2024 · e5fdac7 · e5fdac7
1 parent e632434
commit e5fdac7
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 11 deletions.
diff --git a/pkg/reconciler/eventlistener/eventlistener_test.go b/pkg/reconciler/eventlistener/eventlistener_test.go
@@ -917,10 +917,7 @@ func TestReconcile(t *testing.T) {
 
 	deploymentMissingSecurityContext := makeDeployment(func(d *appsv1.Deployment) {
 		d.Spec.Template.Spec.SecurityContext = &corev1.PodSecurityContext{}
-		d.Spec.Template.Spec.Containers[0].SecurityContext = &corev1.SecurityContext{
-			RunAsUser:  ptr.Int64(65532),
-			RunAsGroup: ptr.Int64(65532),
-		}
+		d.Spec.Template.Spec.Containers[0].SecurityContext = &corev1.SecurityContext{}
 	})
 
 	deploymentWithSecurityContext := makeDeployment(func(d *appsv1.Deployment) {

diff --git a/pkg/reconciler/eventlistener/resources/container.go b/pkg/reconciler/eventlistener/resources/container.go
@@ -66,13 +66,12 @@ func MakeContainer(el *v1beta1.EventListener, configAcc reconcilersource.ConfigA
 		if *c.SetReadOnlyRootFilesystem {
 			containerSecurityContext.ReadOnlyRootFilesystem = ptr.Bool(true)
 		}
-	}
-
-	if !cfg.Defaults.IsDefaultRunAsUserEmpty {
-		containerSecurityContext.RunAsUser = ptr.Int64(cfg.Defaults.DefaultRunAsUser)
-	}
-	if !cfg.Defaults.IsDefaultRunAsGroupEmpty {
-		containerSecurityContext.RunAsGroup = ptr.Int64(cfg.Defaults.DefaultRunAsGroup)
+		if !cfg.Defaults.IsDefaultRunAsUserEmpty {
+			containerSecurityContext.RunAsUser = ptr.Int64(cfg.Defaults.DefaultRunAsUser)
+		}
+		if !cfg.Defaults.IsDefaultRunAsGroupEmpty {
+			containerSecurityContext.RunAsGroup = ptr.Int64(cfg.Defaults.DefaultRunAsGroup)
+		}
 	}
 
 	container := corev1.Container{