From fac06699da440ede7f99a7594fae058c3818c0bd Mon Sep 17 00:00:00 2001
From: Jason Montleon
Date: Thu, 14 Nov 2024 13:35:22 -0500
Subject: [PATCH] :bug: Run task pods with hub UID (#761)
Signed-off-by: Jason Montleon
(cherry picked from commit 12a28b8111e78c4a4c95995d0db8cda1c6a019fa)
---
 settings/hub.go | 24 ++++++++++++++++++++++++
 task/manager.go | 4 ++++
 2 files changed, 28 insertions(+)
diff --git a/settings/hub.go b/settings/hub.go
index 3cfb8427..176fc289 100644
--- a/settings/hub.go
+++ b/settings/hub.go
@@ -2,6 +2,7 @@ package settings
 import (
 "os"
+ "os/user"
 "strconv"
 "time"
 )
@@ -28,6 +29,7 @@ const (
 EnvTaskPreemptDelayed = "TASK_PREEMPT_DELAYED"
 EnvTaskPreemptPostponed = "TASK_PREEMPT_POSTPONED"
 EnvTaskPreemptRate = "TASK_PREEMPT_RATE"
+ EnvTaskUid = "TASK_UID"
 EnvFrequencyTask = "FREQUENCY_TASK"
 EnvFrequencyReaper = "FREQUENCY_REAPER"
 EnvDevelopment = "DEVELOPMENT"
@@ -94,6 +96,7 @@ type Hub struct {
 Failed int
 }
 }
+ UID int64
 }
 // Frequency
 Frequency struct {
@@ -257,6 +260,27 @@ func (r *Hub) Load() (err error) {
 } else {
 r.Task.Preemption.Rate = 10
 }
+ s, found = os.LookupEnv(EnvTaskUid)
+ if found {
+ var uid int64
+ uid, err = strconv.ParseInt(s, 10, 64)
+ if err != nil {
+ return
+ }
+ r.Task.UID = uid
+ } else {
+ var uid int64
+ var hubUser *user.User
+ hubUser, err = user.Current()
+ if err != nil {
+ return
+ }
+ uid, err = strconv.ParseInt(hubUser.Uid, 10, 64)
+ if err != nil {
+ return
+ }
+ r.Task.UID = uid
+ }
 s, found = os.LookupEnv(EnvDevelopment)
 if found {
 b, _ := strconv.ParseBool(s)
diff --git a/task/manager.go b/task/manager.go
index c939c3d0..9152570b 100644
--- a/task/manager.go
+++ b/task/manager.go
@@ -1699,6 +1699,7 @@ func (r *Task) containers(
 },
 },
 }
+ uid := Settings.Hub.Task.UID
 plain = append(plain, addon.Spec.Container)
 plain[0].Name = "addon"
 for i := range extensions {
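Review bot: The new `UID` field in the `Task` settings struct of settings/hub.go (hunk `@@ -94,6 +96,7 @@`) has no comment, so a reader cannot tell that it ends up as the `RunAsUser` of the task containers or where its default comes from. I would add `// UID user id the task pod containers run as; TASK_UID, else the hub process uid.` above it. The struct definition starts and ends outside the hunk.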
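Review bot: `TASK_UID` is parsed with `strconv.ParseInt` in the block added to `Load()` (settings/hub.go, hunk `@@ -257,6 +260,27 @@`), so a negative value is accepted at load time and would presumably surface only later, when the pod is created; `0` is accepted as well, which makes the task containers run as root. The fallback goes through `user.Current()`, which can return an error when the hub's UID has no account entry (for example under an arbitrarily assigned UID), and then `Load()` fails even though only the number is needed. Parsing with `strconv.ParseUint` and defaulting to `os.Getuid()` avoids both and removes the duplicated `var uid int64`; the `os/user` import added in the first hunk would then have to be dropped, and whether UID 0 should be refused is worth deciding explicitly. `Load()` starts and ends outside the hunk.

```go
s, found = os.LookupEnv(EnvTaskUid)
if found {
	var uid uint64
	// ParseUint rejects negative and non-numeric values at load time.
	uid, err = strconv.ParseUint(s, 10, 32)
	if err != nil {
		return
	}
	r.Task.UID = int64(uid)
} else {
	// Getuid cannot fail and needs no account entry for the hub's UID.
	r.Task.UID = int64(os.Getuid())
}
// … unchanged: EnvDevelopment lookup …
```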
@@ -1714,6 +1715,9 @@ func (r *Task) containers(
 container := &plain[i]
 injector.Inject(container)
 r.propagateEnv(&plain[0], container)
+ container.SecurityContext = &core.SecurityContext{
+ RunAsUser: &uid,
+ }
 container.VolumeMounts = append(
 container.VolumeMounts,
 core.VolumeMount{
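Review bot: The assignment `container.SecurityContext = &core.SecurityContext{...}` in `containers()` (task/manager.go, hunk `@@ -1714,6 +1715,9 @@`) replaces the whole security context, so anything an addon or extension container spec already sets there (dropped capabilities, `AllowPrivilegeEscalation`, `RunAsNonRoot`, a seccomp profile) would be discarded. Setting only `RunAsUser` on a copy of the existing context keeps that hardening while still applying the hub UID. Nothing in the hunk sets `RunAsNonRoot`, so if the configured UID is 0 the containers run as root. The function starts and ends outside the hunk.

```go
r.propagateEnv(&plain[0], container)
// Copy rather than replace, so fields set by the addon/extension spec survive.
sc := core.SecurityContext{}
if container.SecurityContext != nil {
	sc = *container.SecurityContext
}
sc.RunAsUser = &uid
container.SecurityContext = &sc
// … unchanged: volume mount append …
```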