Minor fix to bools for pod privileged mode

Signed-off-by: Matt Oswalt <matt@oswalt.dev>
nre-learning · Oct 22, 2020 · fc90bc1 · fc90bc1
1 parent 32f8589
commit fc90bc1
Showing 1 changed file with 8 additions and 8 deletions.
diff --git a/scheduler/pods.go b/scheduler/pods.go
@@ -158,10 +158,13 @@ func (s *AntidoteScheduler) createPod(sc ot.SpanContext, ep *models.LiveEndpoint
 		}
 	}
 
+	t := true
+	f := false
+
 	// See the EndpointImage model in db/models for a definition of these flavors
 	switch flavor {
 	case models.FlavorTrusted:
-		t := true
+
 		pod.Spec.Containers[0].SecurityContext = &corev1.SecurityContext{
 			Privileged:               &t,
 			AllowPrivilegeEscalation: &t,
@@ -176,10 +179,9 @@ func (s *AntidoteScheduler) createPod(sc ot.SpanContext, ep *models.LiveEndpoint
 	// rather have it and not need it vs the reverse. Provided the new flavor model works, this can be removed
 	// as an option after a while.
 	case models.FlavorLegacy:
-		t := false
 		pod.Spec.Containers[0].SecurityContext = &corev1.SecurityContext{
-			Privileged:               &t,
-			AllowPrivilegeEscalation: &t,
+			Privileged:               &f,
+			AllowPrivilegeEscalation: &f,
 			Capabilities: &corev1.Capabilities{
 				Add: []corev1.Capability{
 					"NET_ADMIN",
@@ -188,11 +190,9 @@ func (s *AntidoteScheduler) createPod(sc ot.SpanContext, ep *models.LiveEndpoint
 		}
 
 	default:
-
-		t := false
 		pod.Spec.Containers[0].SecurityContext = &corev1.SecurityContext{
-			Privileged:               &t,
-			AllowPrivilegeEscalation: &t,
+			Privileged:               &f,
+			AllowPrivilegeEscalation: &f,
 			Capabilities: &corev1.Capabilities{
 				Add: []corev1.Capability{
 					"NET_ADMIN",