deployment: carry over the securityContext from the deployment config…

… to lifecycle hook
openshift · Apr 5, 2017 · d026451 · d026451
1 parent f0670df
commit d026451
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/pkg/deploy/strategy/support/lifecycle.go b/pkg/deploy/strategy/support/lifecycle.go
@@ -375,6 +375,20 @@ func makeHookPod(hook *deployapi.LifecycleHook, rc *kapi.ReplicationController,
 
 	gracePeriod := int64(10)
 
+	var podSecurityContextCopy *kapi.PodSecurityContext
+	if ctx, err := kapi.Scheme.DeepCopy(rc.Spec.Template.Spec.SecurityContext); err != nil {
+		return nil, fmt.Errorf("unable to copy pod securityContext: %v", err)
+	} else {
+		podSecurityContextCopy = ctx.(*kapi.PodSecurityContext)
+	}
+
+	var securityContextCopy *kapi.SecurityContext
+	if ctx, err := kapi.Scheme.DeepCopy(baseContainer.SecurityContext); err != nil {
+		return nil, fmt.Errorf("unable to copy securityContext: %v", err)
+	} else {
+		securityContextCopy = ctx.(*kapi.SecurityContext)
+	}
+
 	pod := &kapi.Pod{
 		ObjectMeta: kapi.ObjectMeta{
 			Name: namer.GetPodName(rc.Name, suffix),
@@ -397,8 +411,10 @@ func makeHookPod(hook *deployapi.LifecycleHook, rc *kapi.ReplicationController,
 					Env:             mergedEnv,
 					Resources:       resources,
 					VolumeMounts:    volumeMounts,
+					SecurityContext: securityContextCopy,
 				},
 			},
+			SecurityContext:       podSecurityContextCopy,
 			Volumes:               volumes,
 			ActiveDeadlineSeconds: &maxDeploymentDurationSeconds,
 			// Setting the node selector on the hook pod so that it is created