Kube Gen run as user/group issues

Removed the inclusion of RunAsUser or RunAsGroup unless a container is run with the --user flag. When building from an image the user will be pulled from there anyway resolves #11914 Signed-off-by: cdoern <cdoern@redhat.com>
author: cdoern <cdoern@redhat.com> 2021-10-11 11:01:36 -0400
committer: Matthew Heon <matthew.heon@pm.me> 2021-10-19 15:56:35 -0400
commit: 16fb4161a6853c047f40920adce43049cc428243 (patch)
tree: 8bebd2148fcc9fd8f5ef52eac3bc3fc72c2b0279 /libpod/kube.go
parent: 3082ba8b7b4489ec0be3886450b2681e16aca17e (diff)
download: podman-16fb4161a6853c047f40920adce43049cc428243.tar.gz
podman-16fb4161a6853c047f40920adce43049cc428243.tar.bz2
podman-16fb4161a6853c047f40920adce43049cc428243.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/libpod/kube.go b/libpod/kube.go
index 9e1e3ddfe..9c71c8ad6 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
@@ -485,6 +485,10 @@ func containerToV1Container(ctx context.Context, c *Container) (v1.Container, []
 		kubeContainer.Command = nil
 	}
 
+	if imgData.User == c.User() {
+		kubeSec.RunAsGroup, kubeSec.RunAsUser = nil, nil
+	}
+
 	kubeContainer.WorkingDir = c.WorkingDir()
 	kubeContainer.Ports = ports
 	// This should not be applicable
author	cdoern <cdoern@redhat.com>	2021-10-11 11:01:36 -0400
committer	Matthew Heon <matthew.heon@pm.me>	2021-10-19 15:56:35 -0400
commit	16fb4161a6853c047f40920adce43049cc428243 (patch)
tree	8bebd2148fcc9fd8f5ef52eac3bc3fc72c2b0279 /libpod/kube.go
parent	3082ba8b7b4489ec0be3886450b2681e16aca17e (diff)
download	podman-16fb4161a6853c047f40920adce43049cc428243.tar.gz podman-16fb4161a6853c047f40920adce43049cc428243.tar.bz2 podman-16fb4161a6853c047f40920adce43049cc428243.zip