From 36385f065de317d259d9e4c87a95698d20736e4e Mon Sep 17 00:00:00 2001
From: Prathamesh Musale <prathamesh.musale0@gmail.com>
Date: Wed, 11 Mar 2026 06:24:50 +0000
Subject: [PATCH] Support compose user: directive as k8s runAsUser

Read the user: field from compose service definitions and map it to
securityContext.runAsUser on the k8s container spec. Needed for init
containers using images that run as non-root by default (e.g.
bitnami/kubectl runs as UID 1001).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 stack_orchestrator/deploy/k8s/cluster_info.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/stack_orchestrator/deploy/k8s/cluster_info.py b/stack_orchestrator/deploy/k8s/cluster_info.py
index d1a9e72d..5a202ebd 100644
--- a/stack_orchestrator/deploy/k8s/cluster_info.py
+++ b/stack_orchestrator/deploy/k8s/cluster_info.py
@@ -567,6 +567,7 @@ class ClusterInfo:
                     volume_mounts=volume_mounts,
                     security_context=client.V1SecurityContext(
                         privileged=self.spec.get_privileged(),
+                        run_as_user=int(service_info["user"]) if "user" in service_info else None,
                         capabilities=client.V1Capabilities(
                             add=self.spec.get_capabilities()
                         )