From 4631f5b283b95abb30b91a858517609d3fb2022c Mon Sep 17 00:00:00 2001
From: cdoern <cdoern@redhat.com>
Date: Mon, 11 Oct 2021 11:01:36 -0400
Subject: [PATCH] Kube Gen run as user/group issues

Removed the inclusion of RunAsUser or RunAsGroup unless a container is run with the --user flag. When building from an image
the user will be pulled from there anyway

resolves #11914

Signed-off-by: cdoern <cdoern@redhat.com>
---
 libpod/kube.go                 | 4 ++++
 test/e2e/generate_kube_test.go | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/libpod/kube.go b/libpod/kube.go
index 816fe9cc36..452c2b02ef 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
@@ -485,6 +485,10 @@ func containerToV1Container(ctx context.Context, c *Container) (v1.Container, []
 		kubeContainer.Command = nil
 	}
 
+	if imgData.User == c.User() {
+		kubeSec.RunAsGroup, kubeSec.RunAsUser = nil, nil
+	}
+
 	kubeContainer.WorkingDir = c.WorkingDir()
 	kubeContainer.Ports = ports
 	// This should not be applicable
diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go
index 3e6f1e8c4a..e51805c83c 100644
--- a/test/e2e/generate_kube_test.go
+++ b/test/e2e/generate_kube_test.go
@@ -942,7 +942,7 @@ USER test1`
 		pod := new(v1.Pod)
 		err = yaml.Unmarshal(kube.Out.Contents(), pod)
 		Expect(err).To(BeNil())
-		Expect(*pod.Spec.Containers[0].SecurityContext.RunAsUser).To(Equal(int64(10001)))
+		Expect(pod.Spec.Containers[0].SecurityContext.RunAsUser).To(BeNil())
 	})
 
 	It("podman generate kube on named volume", func() {