Kube Gen run as user/group issues

Removed the inclusion of RunAsUser or RunAsGroup unless a container is run with the --user flag. When building from an image the user will be pulled from there anyway resolves #11914 Signed-off-by: cdoern <cdoern@redhat.com>
author: cdoern <cdoern@redhat.com> 2021-10-11 11:01:36 -0400
committer: cdoern <cdoern@redhat.com> 2021-10-12 16:22:01 -0400
commit: 4631f5b283b95abb30b91a858517609d3fb2022c (patch)
tree: 9514311e11bbc664ab56db0cb7315027c28fc5de /libpod
parent: ea868933e8c014ac52192f397f5dc1c3e8ee375a (diff)
download: podman-4631f5b283b95abb30b91a858517609d3fb2022c.tar.gz
podman-4631f5b283b95abb30b91a858517609d3fb2022c.tar.bz2
podman-4631f5b283b95abb30b91a858517609d3fb2022c.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/libpod/kube.go b/libpod/kube.go
index 816fe9cc3..452c2b02e 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
@@ -485,6 +485,10 @@ func containerToV1Container(ctx context.Context, c *Container) (v1.Container, []
 		kubeContainer.Command = nil
 	}
 
+	if imgData.User == c.User() {
+		kubeSec.RunAsGroup, kubeSec.RunAsUser = nil, nil
+	}
+
 	kubeContainer.WorkingDir = c.WorkingDir()
 	kubeContainer.Ports = ports
 	// This should not be applicable
author	cdoern <cdoern@redhat.com>	2021-10-11 11:01:36 -0400
committer	cdoern <cdoern@redhat.com>	2021-10-12 16:22:01 -0400
commit	4631f5b283b95abb30b91a858517609d3fb2022c (patch)
tree	9514311e11bbc664ab56db0cb7315027c28fc5de /libpod
parent	ea868933e8c014ac52192f397f5dc1c3e8ee375a (diff)
download	podman-4631f5b283b95abb30b91a858517609d3fb2022c.tar.gz podman-4631f5b283b95abb30b91a858517609d3fb2022c.tar.bz2 podman-4631f5b283b95abb30b91a858517609d3fb2022c.zip