@@ -169,6 +169,17 @@ private static String getServerName(@Nonnull Map<String,String> labels) {
169169 return labels .get (SERVERNAME_LABEL );
170170 }
171171
172+ private static V1SecurityContext getEffectiveSecurityContext (V1PodSecurityContext ctx ) {
173+ return new V1SecurityContext ()
174+ .runAsUser (ctx .getRunAsUser ())
175+ .runAsGroup (ctx .getRunAsGroup ())
176+ .runAsNonRoot (ctx .getRunAsNonRoot ())
177+ .seccompProfile (ctx .getSeccompProfile ())
178+ .seLinuxOptions (ctx .getSeLinuxOptions ())
179+ .windowsOptions (ctx .getWindowsOptions ());
180+
181+ }
182+
172183 /**
173184 * get if pod is in ready state.
174185 * @param pod pod
@@ -474,7 +485,10 @@ EffectiveServerSpec getServerSpec() {
474485
475486 @ Override
476487 V1SecurityContext getInitContainerSecurityContext () {
477- return PodSecurityHelper .getDefaultContainerSecurityContext ();
488+ if (getPodSecurityContext ().equals (PodSecurityHelper .getDefaultPodSecurityContext ())) {
489+ return PodSecurityHelper .getDefaultContainerSecurityContext ();
490+ }
491+ return getEffectiveSecurityContext (getPodSecurityContext ());
478492 }
479493
480494 @ Override
@@ -757,7 +771,10 @@ protected List<String> getContainerCommand() {
757771
758772 @ Override
759773 V1SecurityContext getInitContainerSecurityContext () {
760- return PodSecurityHelper .getDefaultContainerSecurityContext ();
774+ if (getPodSecurityContext ().equals (PodSecurityHelper .getDefaultPodSecurityContext ())) {
775+ return PodSecurityHelper .getDefaultContainerSecurityContext ();
776+ }
777+ return getEffectiveSecurityContext (getPodSecurityContext ());
761778 }
762779
763780 @ Override
0 commit comments