Merge pull request #12733 from mfojtik/lifecycle_security

Merged by openshift-bot

Author: OpenShift Bot

pkg/deploy/strategy/support/lifecycle.go

@@ -375,6 +375,20 @@ func makeHookPod(hook *deployapi.LifecycleHook, rc *kapi.ReplicationController,
 
 	gracePeriod := int64(10)
 
+	var podSecurityContextCopy *kapi.PodSecurityContext
+	if ctx, err := kapi.Scheme.DeepCopy(rc.Spec.Template.Spec.SecurityContext); err != nil {
+		return nil, fmt.Errorf("unable to copy pod securityContext: %v", err)
+	} else {
+		podSecurityContextCopy = ctx.(*kapi.PodSecurityContext)
+	}
+
+	var securityContextCopy *kapi.SecurityContext
+	if ctx, err := kapi.Scheme.DeepCopy(baseContainer.SecurityContext); err != nil {
+		return nil, fmt.Errorf("unable to copy securityContext: %v", err)
+	} else {
+		securityContextCopy = ctx.(*kapi.SecurityContext)
+	}
+
 	pod := &kapi.Pod{
 		ObjectMeta: kapi.ObjectMeta{
 			Name: namer.GetPodName(rc.Name, suffix),
@@ -397,8 +411,10 @@ func makeHookPod(hook *deployapi.LifecycleHook, rc *kapi.ReplicationController,
 					Env:             mergedEnv,
 					Resources:       resources,
 					VolumeMounts:    volumeMounts,
+					SecurityContext: securityContextCopy,
 				},
 			},
+			SecurityContext:       podSecurityContextCopy,
 			Volumes:               volumes,
 			ActiveDeadlineSeconds: &maxDeploymentDurationSeconds,
 			// Setting the node selector on the hook pod so that it is created