
Fix problem for MII auxiliary image not honoring podSecurityContext i…
…n serverPod
jshum2479 authored and rjeberhard committed Nov 22, 2023
1 parent 195739c commit b4d0b16
Showing 3 changed files with 15 additions and 5 deletions.
Expand Up @@ -150,18 +150,26 @@ protected V1Volume createEmptyDirVolume() {
.name(AUXILIARY_IMAGE_INTERNAL_VOLUME_NAME).emptyDir(emptyDirVolumeSource);
}

protected V1Container createInitContainerForAuxiliaryImage(DeploymentImage auxiliaryImage, int index) {
return new V1Container().name(getName(index))
protected V1Container createInitContainerForAuxiliaryImage(DeploymentImage auxiliaryImage, int index,
boolean isInitializeDomainOnPV) {
V1Container container = new V1Container().name(getName(index))
.image(auxiliaryImage.getImage())
.imagePullPolicy(auxiliaryImage.getImagePullPolicy())
.command(Collections.singletonList(AUXILIARY_IMAGE_INIT_CONTAINER_WRAPPER_SCRIPT))
.env(createEnv(auxiliaryImage, getName(index)))
.resources(createResources())
.securityContext(PodSecurityHelper.getDefaultContainerSecurityContext())
.volumeMounts(Arrays.asList(
new V1VolumeMount().name(AUXILIARY_IMAGE_INTERNAL_VOLUME_NAME)
.mountPath(AUXILIARY_IMAGE_TARGET_PATH),
new V1VolumeMount().name(SCRIPTS_VOLUME).mountPath(SCRIPTS_MOUNTS_PATH)));

if (isInitializeDomainOnPV) {
container.securityContext(PodSecurityHelper.getDefaultContainerSecurityContext());
} else {
container.securityContext(getInitContainerSecurityContext());
}

return container;
}

abstract V1SecurityContext getInitContainerSecurityContext();
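Review bot: The `else` branch of `createInitContainerForAuxiliaryImage` now takes the init container's security context entirely from `getInitContainerSecurityContext()`, and nothing here guards against that method returning null or a context weaker than the operator default that every auxiliary-image container received before this change. The implementations of that abstract method are outside this hunk, so this needs confirming; if null is possible, an explicit fallback such as `V1SecurityContext ctx = getInitContainerSecurityContext();` followed by `container.securityContext(ctx != null ? ctx : PodSecurityHelper.getDefaultContainerSecurityContext());` keeps the default in place. A short comment on the branch would also help the next reader, for example `// Domain-on-PV init keeps the operator default; otherwise honor the context configured on serverPod`. None of the three changed sections looks like a test, so an assertion on the resulting `securityContext` for both values of `isInitializeDomainOnPV` would pin the intended precedence.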
Expand Up @@ -463,7 +463,8 @@ protected void addInitContainers(V1PodSpec podSpec) {

private void addInitContainers(List<V1Container> initContainers, List<? extends DeploymentImage> auxiliaryImages) {
IntStream.range(0, auxiliaryImages.size()).forEach(idx ->
initContainers.add(createInitContainerForAuxiliaryImage(auxiliaryImages.get(idx), idx)));
initContainers.add(createInitContainerForAuxiliaryImage(auxiliaryImages.get(idx), idx,
isInitializeDomainOnPV())));
}

private Optional<InitializeDomainOnPV> getInitializeDomainOnPV() {
Expand Up @@ -724,7 +724,8 @@ private List<V1Container> getInitContainers() {
protected void getAuxiliaryImageInitContainers(List<AuxiliaryImage> auxiliaryImageList,
List<V1Container> initContainers) {
Optional.ofNullable(auxiliaryImageList).ifPresent(cl -> IntStream.range(0, cl.size()).forEach(idx ->
initContainers.add(createInitContainerForAuxiliaryImage(cl.get(idx), idx))));
initContainers.add(createInitContainerForAuxiliaryImage(cl.get(idx), idx,
getDomain().isInitializeDomainOnPV()))));
}

// ---------------------- model methods ------------------------------