diff --git a/operator/src/main/java/oracle/kubernetes/operator/helpers/BasePodStepContext.java b/operator/src/main/java/oracle/kubernetes/operator/helpers/BasePodStepContext.java index cbca029df6b..19635ed2cf5 100644 --- a/operator/src/main/java/oracle/kubernetes/operator/helpers/BasePodStepContext.java +++ b/operator/src/main/java/oracle/kubernetes/operator/helpers/BasePodStepContext.java @@ -150,18 +150,26 @@ protected V1Volume createEmptyDirVolume() { .name(AUXILIARY_IMAGE_INTERNAL_VOLUME_NAME).emptyDir(emptyDirVolumeSource); } - protected V1Container createInitContainerForAuxiliaryImage(DeploymentImage auxiliaryImage, int index) { - return new V1Container().name(getName(index)) + protected V1Container createInitContainerForAuxiliaryImage(DeploymentImage auxiliaryImage, int index, + boolean isInitializeDomainOnPV) { + V1Container container = new V1Container().name(getName(index)) .image(auxiliaryImage.getImage()) .imagePullPolicy(auxiliaryImage.getImagePullPolicy()) .command(Collections.singletonList(AUXILIARY_IMAGE_INIT_CONTAINER_WRAPPER_SCRIPT)) .env(createEnv(auxiliaryImage, getName(index))) .resources(createResources()) - .securityContext(PodSecurityHelper.getDefaultContainerSecurityContext()) .volumeMounts(Arrays.asList( new V1VolumeMount().name(AUXILIARY_IMAGE_INTERNAL_VOLUME_NAME) .mountPath(AUXILIARY_IMAGE_TARGET_PATH), new V1VolumeMount().name(SCRIPTS_VOLUME).mountPath(SCRIPTS_MOUNTS_PATH))); + + if (isInitializeDomainOnPV) { + container.securityContext(PodSecurityHelper.getDefaultContainerSecurityContext()); + } else { + container.securityContext(getInitContainerSecurityContext()); + } + + return container; } abstract V1SecurityContext getInitContainerSecurityContext(); diff --git a/operator/src/main/java/oracle/kubernetes/operator/helpers/JobStepContext.java b/operator/src/main/java/oracle/kubernetes/operator/helpers/JobStepContext.java index 0ac160f0b51..e8b57176d38 100644 --- a/operator/src/main/java/oracle/kubernetes/operator/helpers/JobStepContext.java +++ b/operator/src/main/java/oracle/kubernetes/operator/helpers/JobStepContext.java @@ -463,7 +463,8 @@ protected void addInitContainers(V1PodSpec podSpec) { private void addInitContainers(List initContainers, List auxiliaryImages) { IntStream.range(0, auxiliaryImages.size()).forEach(idx -> - initContainers.add(createInitContainerForAuxiliaryImage(auxiliaryImages.get(idx), idx))); + initContainers.add(createInitContainerForAuxiliaryImage(auxiliaryImages.get(idx), idx, + isInitializeDomainOnPV()))); } private Optional getInitializeDomainOnPV() { diff --git a/operator/src/main/java/oracle/kubernetes/operator/helpers/PodStepContext.java b/operator/src/main/java/oracle/kubernetes/operator/helpers/PodStepContext.java index ea5ea28e4d6..4e18669f0cf 100644 --- a/operator/src/main/java/oracle/kubernetes/operator/helpers/PodStepContext.java +++ b/operator/src/main/java/oracle/kubernetes/operator/helpers/PodStepContext.java @@ -724,7 +724,8 @@ private List getInitContainers() { protected void getAuxiliaryImageInitContainers(List auxiliaryImageList, List initContainers) { Optional.ofNullable(auxiliaryImageList).ifPresent(cl -> IntStream.range(0, cl.size()).forEach(idx -> - initContainers.add(createInitContainerForAuxiliaryImage(cl.get(idx), idx)))); + initContainers.add(createInitContainerForAuxiliaryImage(cl.get(idx), idx, + getDomain().isInitializeDomainOnPV())))); } // ---------------------- model methods ------------------------------