mirrors/velero
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/velero.git synced 2026-01-06 13:26:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

don't copy securitycontext from first container if configmap found

Browse Source 
Signed-off-by: Scott Seago <sseago@redhat.com>
This commit is contained in:
Scott Seago
2025-11-04 16:53:30 -05:00
parent 45755e14ee
commit bd7d28f004
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
changelogs/unreleased/9389-sseago Normal file
View File

@@ -0,0 +1 @@
don't copy securitycontext from first container if configmap found

4
pkg/restore/actions/pod_volume_restore_action.go
View File

@@ -185,8 +185,8 @@ func (a *PodVolumeRestoreAction) Execute(input *velero.RestoreItemActionExecuteI
securityContextSet = true
}
}
// if first container in pod has a SecurityContext set, then copy this security context
if len(pod.Spec.Containers) != 0 && pod.Spec.Containers[0].SecurityContext != nil {
// if securityContext configmap is unavailable but first container in pod has a SecurityContext set, then copy this security context
if !securityContextSet && len(pod.Spec.Containers) != 0 && pod.Spec.Containers[0].SecurityContext != nil {
securityContext = *pod.Spec.Containers[0].SecurityContext.DeepCopy()
securityContextSet = true
}