Skip to content

Commit

Permalink
Windows: Sets the effective SecurityContext's RunAsUserName
Browse files Browse the repository at this point in the history 
Co-Authored-By: Claudiu Belu <[email protected]>
  • Loading branch information
@jsturtevant @claudiubelu
jsturtevant and claudiubelu committed Jul 17, 2019
1 parent 1c4edfb commit a8c78d1
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 0 deletions.
5 changes: 5 additions & 0 deletions pkg/kubelet/kuberuntime/kuberuntime_container_windows.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -102,5 +102,10 @@ func (m *kubeGenericRuntimeManager) generateWindowsContainerConfig(container *v1
wc.SecurityContext.CredentialSpec = *effectiveSc.WindowsOptions.GMSACredentialSpec
}

// override with Windows options if present
if effectiveSc.WindowsOptions != nil && effectiveSc.WindowsOptions.RunAsUserName != nil {
wc.SecurityContext.RunAsUsername = *effectiveSc.WindowsOptions.RunAsUserName
}

return wc, nil
}
3 changes: 3 additions & 0 deletions pkg/securitycontext/util.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,9 @@ func DetermineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container) *v1
effectiveSc.WindowsOptions.GMSACredentialSpecName = containerSc.WindowsOptions.GMSACredentialSpecName
effectiveSc.WindowsOptions.GMSACredentialSpec = containerSc.WindowsOptions.GMSACredentialSpec
}
if containerSc.WindowsOptions.RunAsUserName != nil {
effectiveSc.WindowsOptions.RunAsUserName = containerSc.WindowsOptions.RunAsUserName
}
}

if containerSc.Capabilities != nil {
Expand Down

0 comments on commit a8c78d1

Please sign in to comment.