pod: Support runAsUser: 0

I think this is better than calling it `privileged` as that has a specific meaning in Docker/Kubernetes. See my argument at https://lwn.net/Articles/796885/
coreos · Sep 13, 2019 · 6b47389 · 6b47389
1 parent 5c2e749
commit 6b47389
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/vars/coreos.groovy b/vars/coreos.groovy
@@ -9,9 +9,13 @@ def pod(params, body) {
     podObj['spec']['containers'][1]['image'] = params['image']
 
     if (params['privileged']) {
+        // Backwards compat, see https://github.com/projectatomic/rpm-ostree/pull/1899/commits/9c1709c363e94760f0e9461719b92a7a4aca6c63#r323256575
+        params['runAsUser'] = 0
+    }
+    if (params['runAsUser']) {
         // XXX: tmp hack to get anyuid SCC; need to ask to get jenkins SA added
         podObj['spec']['serviceAccountName'] = "papr"
-        podObj['spec']['containers'][1]['securityContext'] = [runAsUser: 0]
+        podObj['spec']['containers'][1]['securityContext'] = [runAsUser: params['runAsUser']]
     }
 
     if (params['kvm']) {