Pod specifying runAsUser: 0 not working

[caesar0301]

Accoding to kubernetes bug fix kubernetes/kubernetes#78308, pods that explicitly specifying runAsUser: <uid> or runAsGroup: <gid> should start the container always in every launch using given user or group. If runAsUser or runAsGroup is not set, the container should run with USER specified when building the image.

Now we get the sdk implementation that runAsUser: 0 is ignored when the user forces to launch the container with root, overwriting default image USER. The same to runAsGroup: 0.

c/kubernetes/model/v1_security_context.c

Line 134 in 859fc3f

if(v1_security_context->run_as_user) {

c/kubernetes/model/v1_security_context.c

Line 118 in 859fc3f

if(v1_security_context->run_as_group) {

I have a local fix to remain the semantics meaning to introduce the invalid user and group as -1:

[ityuhui]

This issue is similar to #158. If we always pass "0" to API server, the default value in Kubernetes will be broken (that might introduce the issue #170)

It seems the best solution would be to replace int run_as_user with int *run_as_user, but this will bing great changes to openapi-generator/c template. #160 (comment)
The second solution is to introduce a magic number just like you did. #160 (comment)

I'm thinking of a better solution. What do you recommend?

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[ityuhui]

/remove-lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[ityuhui]

/remove-lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle rotten
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten