Fix admin and managed server ignored the podSecurityContext for aux image init container.

jshum2479 · jshum2479 · commit ceb15d623b61 · 2025-02-19T18:56:19.000-06:00
diff --git a/operator/src/main/java/oracle/kubernetes/operator/helpers/PodHelper.java b/operator/src/main/java/oracle/kubernetes/operator/helpers/PodHelper.java
@@ -166,10 +166,22 @@ static String getServerName(@Nullable V1Pod pod) {
             .orElse(null);
   }
 
+
   private static String getServerName(@Nonnull Map<String,String> labels) {
     return labels.get(SERVERNAME_LABEL);
   }
 
+  private static V1SecurityContext getEffectiveSecurityContext(V1PodSecurityContext ctx) {
+    return new V1SecurityContext()
+            .runAsUser(ctx.getRunAsUser())
+            .runAsGroup(ctx.getRunAsGroup())
+            .runAsNonRoot(ctx.getRunAsNonRoot())
+            .seccompProfile(ctx.getSeccompProfile())
+            .seLinuxOptions(ctx.getSeLinuxOptions())
+            .windowsOptions(ctx.getWindowsOptions());
+
+  }
+
   /**
    * get if pod is in ready state.
    * @param pod pod
@@ -575,7 +587,10 @@ EffectiveServerSpec getServerSpec() {
 
     @Override
     V1SecurityContext getInitContainerSecurityContext() {
-      return PodSecurityHelper.getDefaultContainerSecurityContext();
+      if (getPodSecurityContext().equals(PodSecurityHelper.getDefaultPodSecurityContext())) {
+        return PodSecurityHelper.getDefaultContainerSecurityContext();
+      }
+      return getEffectiveSecurityContext(getPodSecurityContext());
     }
 
     @Override
@@ -880,7 +895,10 @@ protected List<String> getContainerCommand() {
 
     @Override
     V1SecurityContext getInitContainerSecurityContext() {
-      return PodSecurityHelper.getDefaultContainerSecurityContext();
+      if (getPodSecurityContext().equals(PodSecurityHelper.getDefaultPodSecurityContext())) {
+        return PodSecurityHelper.getDefaultContainerSecurityContext();
+      }
+      return getEffectiveSecurityContext(getPodSecurityContext());
     }
 
     @Override
