
openshift copy runAsUser from main container #55

@mark-00


What's going on?

On OpenShift, the standard behavior is to run each pod with a certain uid. This uid is dependent on the namespace the pod is running in. Pods are automatically injected with the right security context and runAsUser settings. This is done before the mutating webhook is called to inject the sidecar. The sidecar cannot be configured with the right uid because this is namespace dependent, and it will not run if the setting is not correct.

Example of the security context info

      securityContext:
        capabilities:
          drop:
            - KILL
            - MKNOD
            - SETGID
            - SETUID
        runAsUser: 1001550000

I have written some code to add the runAsUser of container 0 to the injected containers.
Is it possible to open a pull request to integrate this feature?
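
A sketch of the behavior requested above, added here as an example in Go; it is not the issue author's code or the project's. The `Container` and `SecurityContext` types are minimal stand-ins for the Kubernetes API types, `inheritRunAsUser` is a hypothetical helper name, and letting an explicit sidecar `runAsUser` take precedence is an assumption of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Minimal stand-ins for the Kubernetes pod types (assumption: a real webhook
// would use k8s.io/api/core/v1 instead).
type SecurityContext struct {
	RunAsUser *int64 `json:"runAsUser,omitempty"`
}

type Container struct {
	Name            string           `json:"name"`
	SecurityContext *SecurityContext `json:"securityContext,omitempty"`
}

// inheritRunAsUser copies runAsUser from the pod's first container onto each
// sidecar that does not set its own. It returns the number of sidecars changed.
func inheritRunAsUser(podContainers, sidecars []Container) int {
	if len(podContainers) == 0 || podContainers[0].SecurityContext == nil ||
		podContainers[0].SecurityContext.RunAsUser == nil {
		return 0 // the platform injected no uid; leave the sidecars alone
	}
	uid := *podContainers[0].SecurityContext.RunAsUser
	changed := 0
	for i := range sidecars {
		if sidecars[i].SecurityContext == nil {
			sidecars[i].SecurityContext = &SecurityContext{}
		}
		if sidecars[i].SecurityContext.RunAsUser != nil {
			continue // assumption: an explicit sidecar setting wins
		}
		v := uid // fresh copy so sidecars do not share one pointer
		sidecars[i].SecurityContext.RunAsUser = &v
		changed++
	}
	return changed
}

func main() {
	// Constructed sample: container 0 as it arrives at the webhook.
	uid := int64(1001550000)
	pod := []Container{{Name: "app", SecurityContext: &SecurityContext{RunAsUser: &uid}}}
	sidecars := []Container{{Name: "sidecar"}}
	inheritRunAsUser(pod, sidecars)
	out, _ := json.Marshal(sidecars)
	fmt.Println(string(out))
}
```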
