Merge branch 'cherry-pick-452d6af1' into 'release/4.1'

rjeberhard · rjeberhard · commit d8d88b31b33a · 2023-08-25T14:33:40.000Z
Merge branch 'OWLS-111911' into 'main'

See merge request weblogic-cloud/weblogic-kubernetes-operator!4413
diff --git a/operator/src/main/java/oracle/kubernetes/operator/helpers/BasePodStepContext.java b/operator/src/main/java/oracle/kubernetes/operator/helpers/BasePodStepContext.java
@@ -156,7 +156,7 @@ protected V1Container createInitContainerForAuxiliaryImage(DeploymentImage auxil
             .command(Collections.singletonList(AUXILIARY_IMAGE_INIT_CONTAINER_WRAPPER_SCRIPT))
             .env(createEnv(auxiliaryImage, getName(index)))
             .resources(createResources())
-            .securityContext(getInitContainerSecurityContext())
+            .securityContext(PodSecurityHelper.getDefaultContainerSecurityContext())
             .volumeMounts(Arrays.asList(
                     new V1VolumeMount().name(AUXILIARY_IMAGE_INTERNAL_VOLUME_NAME)
                             .mountPath(AUXILIARY_IMAGE_TARGET_PATH),
diff --git a/operator/src/main/java/oracle/kubernetes/operator/helpers/JobStepContext.java b/operator/src/main/java/oracle/kubernetes/operator/helpers/JobStepContext.java
@@ -592,13 +592,17 @@ protected V1PodSpec createPodSpec() {
           podSpec.securityContext(podSecurityContext.fsGroup(podSecurityContext.getRunAsGroup()));
         } else if (podSecurityContext.getFsGroup() == null) {
           Optional.ofNullable(TuningParameters.getInstance()).ifPresent(instance -> {
-            if (!"OpenShift".equalsIgnoreCase(instance.getKubernetesPlatform())) {
+            if (!"OpenShift".equalsIgnoreCase(instance.getKubernetesPlatform()) && !isInitDomainOnPVRunAsRoot()) {
               podSpec.securityContext(podSecurityContext.fsGroup(0L));
             }
           });
         }
         if (podSpec.getSecurityContext().getFsGroupChangePolicy() == null) {
-          podSpec.getSecurityContext().fsGroupChangePolicy("OnRootMismatch");
+          Optional.ofNullable(TuningParameters.getInstance()).ifPresent(instance -> {
+            if (!"OpenShift".equalsIgnoreCase(instance.getKubernetesPlatform()) && !isInitDomainOnPVRunAsRoot()) {
+              podSpec.getSecurityContext().fsGroupChangePolicy("OnRootMismatch");
+            }
+          });
         }
       }
     }

Original file line number	Diff line number	Diff line change
`@@ -592,13 +592,17 @@ protected V1PodSpec createPodSpec() {`
`592`	`592`	`podSpec.securityContext(podSecurityContext.fsGroup(podSecurityContext.getRunAsGroup()));`
`593`	`593`	`} else if (podSecurityContext.getFsGroup() == null) {`
`594`	`594`	`Optional.ofNullable(TuningParameters.getInstance()).ifPresent(instance -> {`
`595`		`- if (!"OpenShift".equalsIgnoreCase(instance.getKubernetesPlatform())) {`
	`595`	`+ if (!"OpenShift".equalsIgnoreCase(instance.getKubernetesPlatform()) && !isInitDomainOnPVRunAsRoot()) {`
`596`	`596`	`podSpec.securityContext(podSecurityContext.fsGroup(0L));`
`597`	`597`	`}`
`598`	`598`	`});`
`599`	`599`	`}`
`600`	`600`	`if (podSpec.getSecurityContext().getFsGroupChangePolicy() == null) {`
`601`		`- podSpec.getSecurityContext().fsGroupChangePolicy("OnRootMismatch");`
	`601`	`+ Optional.ofNullable(TuningParameters.getInstance()).ifPresent(instance -> {`
	`602`	`+ if (!"OpenShift".equalsIgnoreCase(instance.getKubernetesPlatform()) && !isInitDomainOnPVRunAsRoot()) {`
	`603`	`+ podSpec.getSecurityContext().fsGroupChangePolicy("OnRootMismatch");`
	`604`	`+ }`
	`605`	`+ });`
`602`	`606`	`}`
`603`	`607`	`}`
`604`	`608`	`}`