Yuvipanda has submitted this change and it was merged.
Change subject: Don't require securitycontext to be nil
......................................................................
Don't require securitycontext to be nil
This can cause issues when pods are being updated
Change-Id: I38a10ff5f8bfd2437ce5640590707caafb3cbbdb
---
M plugin/pkg/admission/uidenforcer/admission.go
1 file changed, 3 insertions(+), 6 deletions(-)
Approvals:
Yuvipanda: Verified; Looks good to me, approved
diff --git a/plugin/pkg/admission/uidenforcer/admission.go
b/plugin/pkg/admission/uidenforcer/admission.go
index dbe36d5..64d5c37 100644
--- a/plugin/pkg/admission/uidenforcer/admission.go
+++ b/plugin/pkg/admission/uidenforcer/admission.go
@@ -106,12 +106,9 @@
container := &pod.Spec.Containers[i]
uid, ok := strconv.ParseInt(namespace.Annotations["RunAsUser"],
10, 32)
if ok == nil {
- if container.SecurityContext == nil {
- container.SecurityContext =
&api.SecurityContext{
- RunAsUser: &uid,
- }
- } else {
- return apierrors.NewBadRequest("Must have an
empty SecuriyContext to pass!")
+ // Set the SecurityContext to just ours, no matter what
+ container.SecurityContext = &api.SecurityContext{
+ RunAsUser: &uid,
}
} else {
return apierrors.NewBadRequest("Namespace's RunAsUser
not an integer")
--
To view, visit https://gerrit.wikimedia.org/r/281806
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I38a10ff5f8bfd2437ce5640590707caafb3cbbdb
Gerrit-PatchSet: 1
Gerrit-Project: operations/software/kubernetes
Gerrit-Branch: master
Gerrit-Owner: Yuvipanda <[email protected]>
Gerrit-Reviewer: Yuvipanda <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
