mirrors/woodpecker
1
0
Fork 0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2024-10-23 02:23:53 +00:00
Code Issues Projects Releases Wiki Activity

set fsGroupChangePolicy

Browse source
This commit is contained in:
pat-s 2024-10-02 13:26:38 +02:00
parent 34fd3849d9
commit 3c7e071a56
No known key found for this signature in database
GPG key ID: 3C6318841EF78925
1 changed files with 10 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
pipeline/backend/kubernetes/pod.go
View file

@ -415,11 +415,15 @@ func podSecurityContext(sc *SecurityContext, secCtxConf SecurityContextConfig, s
// if unset, set fsGroup to 1000 by default to support non-root images // if unset, set fsGroup to 1000 by default to support non-root images
if sc.FSGroup == nil { if sc.FSGroup == nil {
fsGroup = newInt64(1000) fsGroup = newInt64(1000)
// do the same for fsGroupChangePolicy but only if fsGroup is also set accordingly do the same for fsGroupChangePolicy but only if fsGroup is also set accordingly
// if sc.FSGroupChangePolicy == nil { if sc.FSGroupChangePolicy == nil {
// policy := v1.PodFSGroupChangePolicyOnRootMismatch policy := v1.PodFSGroupChangePolicyOnRootMismatch
// fsGroupChangePolicy = &policy }
// } fsGroupChangePolicy = &policy
}
else {
fsGroupChangePolicy = sc.FSGroupChangePolicy
}
} }
seccomp = seccompProfile(sc.SeccompProfile) seccomp = seccompProfile(sc.SeccompProfile)
@ -435,7 +439,7 @@ func podSecurityContext(sc *SecurityContext, secCtxConf SecurityContextConfig, s
RunAsUser: user, RunAsUser: user,
RunAsGroup: group, RunAsGroup: group,
FSGroup: fsGroup, FSGroup: fsGroup,
// FSGroupChangePolicy: fsGroupChangePolicy, FSGroupChangePolicy: fsGroupChangePolicy,
SeccompProfile: seccomp, SeccompProfile: seccomp,
AppArmorProfile: apparmor, AppArmorProfile: apparmor,
} }