Skip to content

Commit

Permalink
remove root root pods
Browse files Browse the repository at this point in the history
Signed-off-by: Michael Henriksen <[email protected]>
  • Loading branch information
mhenriks committed Aug 25, 2022
1 parent f2b5654 commit 9d6fe45
Show file tree
Hide file tree
Showing 6 changed files with 3 additions and 20 deletions.
1 change: 0 additions & 1 deletion pkg/controller/clone-controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -593,7 +593,6 @@ func MakeCloneSourcePodSpec(sourceVolumeMode corev1.PersistentVolumeMode, image,
},
Spec: corev1.PodSpec{
SecurityContext: &corev1.PodSecurityContext{
RunAsUser: &[]int64{0}[0],
SELinuxOptions: &corev1.SELinuxOptions{
User: "system_u",
Role: "system_r",
Expand Down
6 changes: 0 additions & 6 deletions pkg/controller/clone-controller_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -840,9 +840,6 @@ func createSourcePod(pvc *corev1.PersistentVolumeClaim, pvcUID string) *corev1.P
},
},
Spec: corev1.PodSpec{
SecurityContext: &corev1.PodSecurityContext{
RunAsUser: &[]int64{0}[0],
},
Containers: []corev1.Container{
{
Name: common.ClonerSourcePodName,
Expand Down Expand Up @@ -929,9 +926,6 @@ func createSourcePod(pvc *corev1.PersistentVolumeClaim, pvcUID string) *corev1.P
Value: common.WriteBlockPath,
},
}
pod.Spec.SecurityContext = &corev1.PodSecurityContext{
RunAsUser: &[]int64{0}[0],
}
} else {
pod.Spec.Containers[0].VolumeMounts = []corev1.VolumeMount{
{
Expand Down
3 changes: 0 additions & 3 deletions pkg/controller/import-controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -1247,9 +1247,6 @@ func setImporterPodCommons(pod *corev1.Pod, podEnvVar *importPodEnvVar, pvc *cor

if getVolumeMode(pvc) == corev1.PersistentVolumeBlock {
pod.Spec.Containers[0].VolumeDevices = addVolumeDevices()
pod.Spec.SecurityContext = &corev1.PodSecurityContext{
RunAsUser: &[]int64{0}[0],
}
} else {
pod.Spec.Containers[0].VolumeMounts = addImportVolumeMounts()
}
Expand Down
4 changes: 0 additions & 4 deletions pkg/controller/import-controller_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -785,7 +785,6 @@ var _ = Describe("Create Importer Pod", func() {
if getVolumeMode(pvc) == corev1.PersistentVolumeBlock {
Expect(pod.Spec.Containers[0].VolumeDevices[0].Name).To(Equal(DataVolName))
Expect(pod.Spec.Containers[0].VolumeDevices[0].DevicePath).To(Equal(common.WriteBlockPath))
Expect(pod.Spec.SecurityContext.RunAsUser).To(Equal(&[]int64{0}[0]))
if scratchPvcName != nil {
By("Verifying scratch space is set if available")
Expect(len(pod.Spec.Containers[0].VolumeMounts)).To(Equal(1))
Expand Down Expand Up @@ -1299,9 +1298,6 @@ func createImporterTestPod(pvc *corev1.PersistentVolumeClaim, dvname string, scr
pod.Spec.Containers[0].Env = env
if volumeMode == corev1.PersistentVolumeBlock {
pod.Spec.Containers[0].VolumeDevices = addVolumeDevices()
pod.Spec.SecurityContext = &corev1.PodSecurityContext{
RunAsUser: &[]int64{0}[0],
}
} else {
pod.Spec.Containers[0].VolumeMounts = addImportVolumeMounts()
}
Expand Down
6 changes: 3 additions & 3 deletions pkg/controller/upload-controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -739,9 +739,6 @@ func (r *UploadReconciler) makeUploadPodSpec(args UploadPodArgs, resourceRequire
},
},
Spec: v1.PodSpec{
SecurityContext: &v1.PodSecurityContext{
RunAsUser: &[]int64{0}[0],
},
Containers: []v1.Container{
{
Name: common.UploadServerPodname,
Expand Down Expand Up @@ -843,6 +840,9 @@ func (r *UploadReconciler) makeUploadPodSpec(args UploadPodArgs, resourceRequire
}

if !checkPVC(args.PVC, AnnCloneRequest, r.log.WithValues("Name", args.PVC.Name, "Namspace", args.PVC.Namespace)) {
if pod.Spec.SecurityContext == nil {
pod.Spec.SecurityContext = &v1.PodSecurityContext{}
}
pod.Spec.SecurityContext.FSGroup = &fsGroup
}

Expand Down
3 changes: 0 additions & 3 deletions pkg/controller/upload-controller_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -680,9 +680,6 @@ func createUploadClonePod(pvc *corev1.PersistentVolumeClaim, clientName string)
},
},
Spec: corev1.PodSpec{
SecurityContext: &corev1.PodSecurityContext{
RunAsUser: &[]int64{0}[0],
},
Containers: []corev1.Container{
{
Name: "cdi-upload-server",
Expand Down

0 comments on commit 9d6fe45

Please sign in to comment.