fix allow run as root when disk mount by krist7599555 · Pull Request #3 · deploys-app/deployer

krist7599555 · 2026-03-07T10:50:39Z

Some database that store local file sometime need to run shell script by root user.

When deployment with disk it will force USER = 10000 which prevent some script to run at runtime.

Lines 125 to 132 in 7926e33

    
           func securityContext() *v1.PodSecurityContext { 
        
           	return &v1.PodSecurityContext{ 
        
           		RunAsUser:    pointer.Int64(10000), 
        
           		RunAsGroup:   pointer.Int64(10000), 
        
           		RunAsNonRoot: pointer.Bool(true), 
        
           		FSGroup:      pointer.Int64(10000), 
        
           	} 
        
           }

deployer/k8s/deployment.go

Lines 360 to 379 in 7926e33

    
           if obj.Disk.Name != "" { 
        
           	deploy.Spec.Template.Spec.Volumes = append(deploy.Spec.Template.Spec.Volumes, v1.Volume{ 
        
           		Name: "data", 
        
           		VolumeSource: v1.VolumeSource{ 
        
           			PersistentVolumeClaim: &v1.PersistentVolumeClaimVolumeSource{ 
        
           				ClaimName: obj.Disk.Name, 
        
           			}, 
        
           		}, 
        
           	}) 
        
           	app.VolumeMounts = append(app.VolumeMounts, v1.VolumeMount{ 
        
           		Name:      "data", 
        
           		MountPath: obj.Disk.MountPath, 
        
           		SubPath:   obj.Disk.SubPath, 
        
           	}) 
        
           	deploy.Spec.Template.Spec.SecurityContext = securityContext() 
        
           } 
        
           deploy.Spec.Template.Spec.Containers = []v1.Container{app} 
        
           deploy.Spec.Template.Spec.ServiceAccountName = obj.SA 
        
           deploy.Spec.Template.Spec.TerminationGracePeriodSeconds = pointer.Int64(terminationGracePeriodSeconds) 
        
           // deploy.Spec.Template.Spec.SecurityContext = securityContext()

so i just comment out line 374 to made every time run container always USER = 0

some database that store local file sometime need to run shell script by root user

fix allow run as root when disk mount

7813d35

some database that store local file sometime need to run shell script by root user

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix allow run as root when disk mount#3

fix allow run as root when disk mount#3
krist7599555 wants to merge 1 commit intodeploys-app:mainfrom
krist7599555:patch-1

krist7599555 commented Mar 7, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

	func securityContext() *v1.PodSecurityContext {
	return &v1.PodSecurityContext{
	RunAsUser: pointer.Int64(10000),
	RunAsGroup: pointer.Int64(10000),
	RunAsNonRoot: pointer.Bool(true),
	FSGroup: pointer.Int64(10000),
	}
	}

	if obj.Disk.Name != "" {
	deploy.Spec.Template.Spec.Volumes = append(deploy.Spec.Template.Spec.Volumes, v1.Volume{
	Name: "data",
	VolumeSource: v1.VolumeSource{
	PersistentVolumeClaim: &v1.PersistentVolumeClaimVolumeSource{
	ClaimName: obj.Disk.Name,
	},
	},
	})
	app.VolumeMounts = append(app.VolumeMounts, v1.VolumeMount{
	Name: "data",
	MountPath: obj.Disk.MountPath,
	SubPath: obj.Disk.SubPath,
	})
	deploy.Spec.Template.Spec.SecurityContext = securityContext()
	}
	deploy.Spec.Template.Spec.Containers = []v1.Container{app}
	deploy.Spec.Template.Spec.ServiceAccountName = obj.SA
	deploy.Spec.Template.Spec.TerminationGracePeriodSeconds = pointer.Int64(terminationGracePeriodSeconds)
	// deploy.Spec.Template.Spec.SecurityContext = securityContext()

Conversation

krist7599555 commented Mar 7, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant