fix: direct map of fluentbit securitycontext options (#1773)

kube-logging · Jul 12, 2024 · d3a87fb · d3a87fb
1 parent bca5658
commit d3a87fb
Showing 1 changed file with 8 additions and 27 deletions.
diff --git a/pkg/resources/fluentbit/daemonset.go b/pkg/resources/fluentbit/daemonset.go
@@ -128,20 +128,11 @@ func (r *Reconciler) fluentbitContainer() *corev1.Container {
 		Ports:           r.generatePortsMetrics(),
 		Resources:       r.fluentbitSpec.Resources,
 		VolumeMounts:    r.generateVolumeMounts(),
-		SecurityContext: &corev1.SecurityContext{
-			RunAsUser:                r.fluentbitSpec.Security.SecurityContext.RunAsUser,
-			RunAsNonRoot:             r.fluentbitSpec.Security.SecurityContext.RunAsNonRoot,
-			ReadOnlyRootFilesystem:   r.fluentbitSpec.Security.SecurityContext.ReadOnlyRootFilesystem,
-			AllowPrivilegeEscalation: r.fluentbitSpec.Security.SecurityContext.AllowPrivilegeEscalation,
-			Privileged:               r.fluentbitSpec.Security.SecurityContext.Privileged,
-			SELinuxOptions:           r.fluentbitSpec.Security.SecurityContext.SELinuxOptions,
-			SeccompProfile:           r.fluentbitSpec.Security.SecurityContext.SeccompProfile,
-			Capabilities:             r.fluentbitSpec.Security.SecurityContext.Capabilities,
-		},
-		Command:        args,
-		Env:            r.fluentbitSpec.EnvVars,
-		LivenessProbe:  r.fluentbitSpec.LivenessProbe,
-		ReadinessProbe: r.fluentbitSpec.ReadinessProbe,
+		SecurityContext: r.fluentbitSpec.Security.SecurityContext,
+		Command:         args,
+		Env:             r.fluentbitSpec.EnvVars,
+		LivenessProbe:   r.fluentbitSpec.LivenessProbe,
+		ReadinessProbe:  r.fluentbitSpec.ReadinessProbe,
 	}
 }
 
@@ -177,18 +168,7 @@ func newConfigMapReloader(spec *v1beta1.FluentbitSpec) corev1.Container {
 		Resources:       spec.ConfigHotReload.Resources,
 		Args:            args,
 		VolumeMounts:    vm,
-	}
-
-	if spec.Security != nil && spec.Security.SecurityContext != nil {
-		c.SecurityContext = &corev1.SecurityContext{
-			RunAsUser:                spec.Security.SecurityContext.RunAsUser,
-			RunAsGroup:               spec.Security.SecurityContext.RunAsGroup,
-			ReadOnlyRootFilesystem:   spec.Security.SecurityContext.ReadOnlyRootFilesystem,
-			AllowPrivilegeEscalation: spec.Security.SecurityContext.AllowPrivilegeEscalation,
-			Privileged:               spec.Security.SecurityContext.Privileged,
-			RunAsNonRoot:             spec.Security.SecurityContext.RunAsNonRoot,
-			SELinuxOptions:           spec.Security.SecurityContext.SELinuxOptions,
-		}
+		SecurityContext: spec.Security.SecurityContext,
 	}
 
 	return c
@@ -348,7 +328,8 @@ func (r *Reconciler) bufferMetricsSidecarContainer() *corev1.Container {
 					MountPath: r.fluentbitSpec.BufferStorage.StoragePath,
 				},
 			},
-			Resources: r.fluentbitSpec.BufferVolumeResources,
+			Resources:       r.fluentbitSpec.BufferVolumeResources,
+			SecurityContext: r.fluentbitSpec.Security.SecurityContext,
 		}
 	}
 	return nil