From a8c78d13596e4152d54420705b7fa4ee393d0cbe Mon Sep 17 00:00:00 2001 From: James Sturtevant Date: Wed, 30 Jan 2019 16:09:04 -0800 Subject: [PATCH] Windows: Sets the effective SecurityContext's RunAsUserName Co-Authored-By: Claudiu Belu --- pkg/kubelet/kuberuntime/kuberuntime_container_windows.go | 5 +++++ pkg/securitycontext/util.go | 3 +++ 2 files changed, 8 insertions(+) diff --git a/pkg/kubelet/kuberuntime/kuberuntime_container_windows.go b/pkg/kubelet/kuberuntime/kuberuntime_container_windows.go index e99660c3c2f..6f858b7482e 100644 --- a/pkg/kubelet/kuberuntime/kuberuntime_container_windows.go +++ b/pkg/kubelet/kuberuntime/kuberuntime_container_windows.go @@ -102,5 +102,10 @@ func (m *kubeGenericRuntimeManager) generateWindowsContainerConfig(container *v1 wc.SecurityContext.CredentialSpec = *effectiveSc.WindowsOptions.GMSACredentialSpec } + // override with Windows options if present + if effectiveSc.WindowsOptions != nil && effectiveSc.WindowsOptions.RunAsUserName != nil { + wc.SecurityContext.RunAsUsername = *effectiveSc.WindowsOptions.RunAsUserName + } + return wc, nil } diff --git a/pkg/securitycontext/util.go b/pkg/securitycontext/util.go index 6a012076dc9..f399dca3f8c 100644 --- a/pkg/securitycontext/util.go +++ b/pkg/securitycontext/util.go @@ -76,6 +76,9 @@ func DetermineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container) *v1 effectiveSc.WindowsOptions.GMSACredentialSpecName = containerSc.WindowsOptions.GMSACredentialSpecName effectiveSc.WindowsOptions.GMSACredentialSpec = containerSc.WindowsOptions.GMSACredentialSpec } + if containerSc.WindowsOptions.RunAsUserName != nil { + effectiveSc.WindowsOptions.RunAsUserName = containerSc.WindowsOptions.RunAsUserName + } } if containerSc.Capabilities != nil {