summaryrefslogtreecommitdiff
path: root/cmd/podman
diff options
context:
space:
mode:
authorPeter Hunt <pehunt@redhat.com>2019-03-18 14:07:35 -0400
committerPeter Hunt <pehunt@redhat.com>2019-03-18 14:19:52 -0400
commitce81ca3631d53ad5f176b69d83a99d6ade69be29 (patch)
tree639d04e531ba653d193ef6680ed503438ce78116 /cmd/podman
parent6e4c32967ec02cdc33b801df8b5730dffce9b8a3 (diff)
downloadpodman-ce81ca3631d53ad5f176b69d83a99d6ade69be29.tar.gz
podman-ce81ca3631d53ad5f176b69d83a99d6ade69be29.tar.bz2
podman-ce81ca3631d53ad5f176b69d83a99d6ade69be29.zip
Incorporate user from image inspect data in play kube
before, when an image signified a user, play kube ignored it. Incorporate that information. Signed-off-by: Peter Hunt <pehunt@redhat.com>
Diffstat (limited to 'cmd/podman')
-rw-r--r--cmd/podman/play_kube.go15
1 files changed, 12 insertions, 3 deletions
diff --git a/cmd/podman/play_kube.go b/cmd/podman/play_kube.go
index eeb1aad64..10221a339 100644
--- a/cmd/podman/play_kube.go
+++ b/cmd/podman/play_kube.go
@@ -1,6 +1,7 @@
package main
import (
+ "context"
"fmt"
"io"
"io/ioutil"
@@ -186,7 +187,7 @@ func playKubeYAMLCmd(c *cliconfig.KubePlayValues) error {
if err != nil {
return err
}
- createConfig, err := kubeContainerToCreateConfig(container, runtime, newImage, namespaces, volumes)
+ createConfig, err := kubeContainerToCreateConfig(ctx, container, runtime, newImage, namespaces, volumes)
if err != nil {
return err
}
@@ -231,7 +232,7 @@ func getPodPorts(containers []v1.Container) []ocicni.PortMapping {
}
// kubeContainerToCreateConfig takes a v1.Container and returns a createconfig describing a container
-func kubeContainerToCreateConfig(containerYAML v1.Container, runtime *libpod.Runtime, newImage *image2.Image, namespaces map[string]string, volumes map[string]string) (*createconfig.CreateConfig, error) {
+func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container, runtime *libpod.Runtime, newImage *image2.Image, namespaces map[string]string, volumes map[string]string) (*createconfig.CreateConfig, error) {
var (
containerConfig createconfig.CreateConfig
envs map[string]string
@@ -243,6 +244,14 @@ func kubeContainerToCreateConfig(containerYAML v1.Container, runtime *libpod.Run
containerConfig.Name = containerYAML.Name
containerConfig.Tty = containerYAML.TTY
containerConfig.WorkDir = containerYAML.WorkingDir
+
+ imageData, _ := newImage.Inspect(ctx)
+
+ containerConfig.User = "0"
+ if imageData != nil {
+ containerConfig.User = imageData.Config.User
+ }
+
if containerConfig.SecurityOpts != nil {
if containerYAML.SecurityContext.ReadOnlyRootFilesystem != nil {
containerConfig.ReadOnlyRootfs = *containerYAML.SecurityContext.ReadOnlyRootFilesystem
@@ -280,6 +289,7 @@ func kubeContainerToCreateConfig(containerYAML v1.Container, runtime *libpod.Run
for _, e := range containerYAML.Env {
envs[e.Name] = e.Value
}
+ containerConfig.Env = envs
for _, volume := range containerYAML.VolumeMounts {
host_path, exists := volumes[volume.Name]
@@ -291,6 +301,5 @@ func kubeContainerToCreateConfig(containerYAML v1.Container, runtime *libpod.Run
}
containerConfig.Volumes = append(containerConfig.Volumes, fmt.Sprintf("%s:%s", host_path, volume.MountPath))
}
- containerConfig.Env = envs
return &containerConfig, nil
}