Add securityContext to the user-specified containers

Signed-off-by: Masayuki Ishii <masa213f@gmail.com>
cybozu-go · Mar 16, 2022 · 46bf36a · 46bf36a
1 parent 48e6de2
commit 46bf36a
Showing 1 changed file with 7 additions and 4 deletions.
diff --git a/controllers/mysql_container.go b/controllers/mysql_container.go
@@ -228,6 +228,8 @@ func (r *MySQLClusterReconciler) makeV1OptionalContainers(cluster *mocov1beta2.M
 			continue
 		}
 
+		updateContainerWithSecurityContext(&c)
+
 		switch *c.Name {
 		case constants.MysqldContainerName:
 		case constants.AgentContainerName:
@@ -280,16 +282,17 @@ func (r *MySQLClusterReconciler) makeV1InitContainer(cluster *mocov1beta2.MySQLC
 	spec := cluster.Spec.PodTemplate.Spec.DeepCopy()
 	for _, given := range spec.InitContainers {
 		ic := given
+		updateContainerWithSecurityContext(&ic)
 		initContainers = append(initContainers, &ic)
 	}
 	return initContainers
 }
 
 func updateContainerWithSecurityContext(container *corev1ac.ContainerApplyConfiguration) {
 	if container.SecurityContext == nil {
-		container.WithSecurityContext(corev1ac.SecurityContext().
-			WithRunAsUser(constants.ContainerUID).
-			WithRunAsGroup(constants.ContainerGID),
-		)
+		container.WithSecurityContext(corev1ac.SecurityContext())
 	}
+	container.SecurityContext.
+		WithRunAsUser(constants.ContainerUID).
+		WithRunAsGroup(constants.ContainerGID)
 }