fix aux image init container not honoring podSecurityContext ported from main.

jshum2479 · jshum2479 · commit 39babb2c6bf9 · 2025-02-20T08:40:39.000-06:00
diff --git a/operator/src/main/java/oracle/kubernetes/operator/helpers/PodHelper.java b/operator/src/main/java/oracle/kubernetes/operator/helpers/PodHelper.java
@@ -169,6 +169,17 @@ private static String getServerName(@Nonnull Map<String,String> labels) {
     return labels.get(SERVERNAME_LABEL);
   }
 
+  private static V1SecurityContext getEffectiveSecurityContext(V1PodSecurityContext ctx) {
+    return new V1SecurityContext()
+            .runAsUser(ctx.getRunAsUser())
+            .runAsGroup(ctx.getRunAsGroup())
+            .runAsNonRoot(ctx.getRunAsNonRoot())
+            .seccompProfile(ctx.getSeccompProfile())
+            .seLinuxOptions(ctx.getSeLinuxOptions())
+            .windowsOptions(ctx.getWindowsOptions());
+
+  }
+
   /**
    * get if pod is in ready state.
    * @param pod pod
@@ -474,7 +485,10 @@ EffectiveServerSpec getServerSpec() {
 
     @Override
     V1SecurityContext getInitContainerSecurityContext() {
-      return PodSecurityHelper.getDefaultContainerSecurityContext();
+      if (getPodSecurityContext().equals(PodSecurityHelper.getDefaultPodSecurityContext())) {
+        return PodSecurityHelper.getDefaultContainerSecurityContext();
+      }
+      return getEffectiveSecurityContext(getPodSecurityContext());
     }
 
     @Override
@@ -757,7 +771,10 @@ protected List<String> getContainerCommand() {
 
     @Override
     V1SecurityContext getInitContainerSecurityContext() {
-      return PodSecurityHelper.getDefaultContainerSecurityContext();
+      if (getPodSecurityContext().equals(PodSecurityHelper.getDefaultPodSecurityContext())) {
+        return PodSecurityHelper.getDefaultContainerSecurityContext();
+      }
+      return getEffectiveSecurityContext(getPodSecurityContext());
     }
 
     @Override
