diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2022-05-10 10:04:08 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-05-10 10:04:08 -0400 |
commit | 23826c5063fcfc3cc1b8706d0d7dd2f532789254 (patch) | |
tree | 9438cd36ed20a00a08b631f20ad248b8d55be4a5 /pkg/domain | |
parent | 28588235d2051bf673d528c293261f926fad0d92 (diff) | |
parent | 9e1ee081f8849cbba89fb0f79218812164527251 (diff) | |
download | podman-23826c5063fcfc3cc1b8706d0d7dd2f532789254.tar.gz podman-23826c5063fcfc3cc1b8706d0d7dd2f532789254.tar.bz2 podman-23826c5063fcfc3cc1b8706d0d7dd2f532789254.zip |
Merge pull request #14167 from giuseppe/play-kube-honor-pod-security-context
kube: honor pod security context IDs
Diffstat (limited to 'pkg/domain')
-rw-r--r-- | pkg/domain/infra/abi/play.go | 64 |
1 files changed, 33 insertions, 31 deletions
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go index b3ded7db6..f44b46a6d 100644 --- a/pkg/domain/infra/abi/play.go +++ b/pkg/domain/infra/abi/play.go @@ -412,22 +412,23 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY } specgenOpts := kube.CtrSpecGenOptions{ - Annotations: annotations, - Container: initCtr, - Image: pulledImage, - Volumes: volumes, - PodID: pod.ID(), - PodName: podName, - PodInfraID: podInfraID, - ConfigMaps: configMaps, - SeccompPaths: seccompPaths, - RestartPolicy: ctrRestartPolicy, - NetNSIsHost: p.NetNS.IsHost(), - SecretsManager: secretsManager, - LogDriver: options.LogDriver, - LogOptions: options.LogOptions, - Labels: labels, - InitContainerType: define.AlwaysInitContainer, + Annotations: annotations, + ConfigMaps: configMaps, + Container: initCtr, + Image: pulledImage, + InitContainerType: define.AlwaysInitContainer, + Labels: labels, + LogDriver: options.LogDriver, + LogOptions: options.LogOptions, + NetNSIsHost: p.NetNS.IsHost(), + PodID: pod.ID(), + PodInfraID: podInfraID, + PodName: podName, + PodSecurityContext: podYAML.Spec.SecurityContext, + RestartPolicy: ctrRestartPolicy, + SeccompPaths: seccompPaths, + SecretsManager: secretsManager, + Volumes: volumes, } specGen, err := kube.ToSpecGen(ctx, &specgenOpts) if err != nil { @@ -460,21 +461,22 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY } specgenOpts := kube.CtrSpecGenOptions{ - Annotations: annotations, - Container: container, - Image: pulledImage, - Volumes: volumes, - PodID: pod.ID(), - PodName: podName, - PodInfraID: podInfraID, - ConfigMaps: configMaps, - SeccompPaths: seccompPaths, - RestartPolicy: ctrRestartPolicy, - NetNSIsHost: p.NetNS.IsHost(), - SecretsManager: secretsManager, - LogDriver: options.LogDriver, - LogOptions: options.LogOptions, - Labels: labels, + Annotations: annotations, + ConfigMaps: configMaps, + Container: container, + Image: pulledImage, + Labels: labels, + LogDriver: options.LogDriver, + LogOptions: options.LogOptions, + NetNSIsHost: p.NetNS.IsHost(), + PodID: pod.ID(), + PodInfraID: podInfraID, + PodName: podName, + PodSecurityContext: podYAML.Spec.SecurityContext, + RestartPolicy: ctrRestartPolicy, + SeccompPaths: seccompPaths, + SecretsManager: secretsManager, + Volumes: volumes, } specGen, err := kube.ToSpecGen(ctx, &specgenOpts) if err != nil { |