From d0264511c44268707541b6cfbdeb0394fa87c422 Mon Sep 17 00:00:00 2001
From: Michal Fojtik
Date: Tue, 31 Jan 2017 15:12:43 +0100
Subject: [PATCH] deployment: carry over the securityContext from the deployment config to lifecycle hook
---
 pkg/deploy/strategy/support/lifecycle.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/pkg/deploy/strategy/support/lifecycle.go b/pkg/deploy/strategy/support/lifecycle.go
index eeaefe7cdc0b..7381cc58d070 100644
--- a/pkg/deploy/strategy/support/lifecycle.go
+++ b/pkg/deploy/strategy/support/lifecycle.go
@@ -375,6 +375,20 @@ func makeHookPod(hook *deployapi.LifecycleHook, rc *kapi.ReplicationController,
 gracePeriod := int64(10)
+ var podSecurityContextCopy *kapi.PodSecurityContext
+ if ctx, err := kapi.Scheme.DeepCopy(rc.Spec.Template.Spec.SecurityContext); err != nil {
+ return nil, fmt.Errorf("unable to copy pod securityContext: %v", err)
+ } else {
+ podSecurityContextCopy = ctx.(*kapi.PodSecurityContext)
+ }
+
+ var securityContextCopy *kapi.SecurityContext
+ if ctx, err := kapi.Scheme.DeepCopy(baseContainer.SecurityContext); err != nil {
+ return nil, fmt.Errorf("unable to copy securityContext: %v", err)
+ } else {
+ securityContextCopy = ctx.(*kapi.SecurityContext)
+ }
+
 pod := &kapi.Pod{
 ObjectMeta: kapi.ObjectMeta{
 Name: namer.GetPodName(rc.Name, suffix),
@@ -397,8 +411,10 @@ func makeHookPod(hook *deployapi.LifecycleHook, rc *kapi.ReplicationController,
 Env: mergedEnv,
 Resources: resources,
 VolumeMounts: volumeMounts,
+ SecurityContext: securityContextCopy,
 },
 },
+ SecurityContext: podSecurityContextCopy,
 Volumes: volumes,
 ActiveDeadlineSeconds: &maxDeploymentDurationSeconds,
 // Setting the node selector on the hook pod so that it is created
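Review bot: The single-value assertions `ctx.(*kapi.PodSecurityContext)` and `ctx.(*kapi.SecurityContext)` in the two added copy blocks panic if DeepCopy returns anything other than that pointer type, and both source fields are pointers that may be nil when the template sets no securityContext. What `kapi.Scheme.DeepCopy` returns for a nil pointer (typed nil or a nil interface) is not visible in this hunk, so I would either skip the copy when the source is nil or use the comma-ok form, e.g. `if c, ok := ctx.(*kapi.PodSecurityContext); ok { podSecurityContextCopy = c }`. As a style point, the `else` after the returning `if` can be dropped by declaring `ctx, err :=` on its own line before the check. makeHookPod starts and ends outside the hunk.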
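Review bot: The two added `SecurityContext:` fields mean the hook pod now runs with whatever user, capability or privileged settings the deployment's pod template and base container carry, and nothing in the hunk documents that. A comment above the container field such as `// Hook pods inherit the pod-level and container-level securityContext of the deployment's pod template.` would make the privilege inheritance explicit to the next reader. The diffstat lists only lifecycle.go, so the change appears to ship without a test; a unit test asserting that the hook pod carries an equal but non-aliased copy of each context would pin the behaviour. The pod literal begins in the previous hunk and continues past the end of this one.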