Remove all references to types.UnixUserID and types.UnixGroupID

2017-06-21 00:13:36 -07:00 · 2017-06-21 00:13:36 -07:00 · c91a12d205
parent 9139666704
commit c91a12d205
80 changed files with 247 additions and 315 deletions
--- a/pkg/api/types.go
+++ b/pkg/api/types.go
@ -2263,7 +2263,7 @@ type PodSecurityContext struct {
 	// PodSecurityContext, the value specified in SecurityContext takes precedence
 	// for that container.
 	// +optional
-	RunAsUser *types.UnixUserID
+	RunAsUser *int64
 	// Indicates that the container must run as a non-root user.
 	// If true, the Kubelet will validate the image at runtime to ensure that it
 	// does not run as UID 0 (root) and fail to start the container if it does.
@ -2276,7 +2276,7 @@ type PodSecurityContext struct {
 	// to the container's primary GID.  If unspecified, no groups will be added to
 	// any container.
 	// +optional
-	SupplementalGroups []types.UnixGroupID
+	SupplementalGroups []int64
 	// A special supplemental group that applies to all containers in a pod.
 	// Some volume types allow the Kubelet to change the ownership of that volume
 	// to be owned by the pod:
@ -2287,7 +2287,7 @@ type PodSecurityContext struct {
 	//
 	// If unset, the Kubelet will not modify the ownership and permissions of any volume.
 	// +optional
-	FSGroup *types.UnixGroupID
+	FSGroup *int64
 }
 // PodQOSClass defines the supported qos classes of Pods.
@ -3924,7 +3924,7 @@ type SecurityContext struct {
 	// May also be set in PodSecurityContext.  If set in both SecurityContext and
 	// PodSecurityContext, the value specified in SecurityContext takes precedence.
 	// +optional
-	RunAsUser *types.UnixUserID
+	RunAsUser *int64
 	// Indicates that the container must run as a non-root user.
 	// If true, the Kubelet will validate the image at runtime to ensure that it
 	// does not run as UID 0 (root) and fail to start the container if it does.
--- a/pkg/api/v1/types.go
+++ b/pkg/api/v1/types.go
@ -2548,7 +2548,7 @@ type PodSecurityContext struct {
 	// PodSecurityContext, the value specified in SecurityContext takes precedence
 	// for that container.
 	// +optional
-	RunAsUser *types.UnixUserID `json:"runAsUser,omitempty" protobuf:"varint,2,opt,name=runAsUser,casttype=k8s.io/apimachinery/pkg/types.UnixUserID"`
+	RunAsUser *int64 `json:"runAsUser,omitempty" protobuf:"varint,2,opt,name=runAsUser"`
 	// Indicates that the container must run as a non-root user.
 	// If true, the Kubelet will validate the image at runtime to ensure that it
 	// does not run as UID 0 (root) and fail to start the container if it does.
@ -2561,7 +2561,7 @@ type PodSecurityContext struct {
 	// to the container's primary GID.  If unspecified, no groups will be added to
 	// any container.
 	// +optional
-	SupplementalGroups []types.UnixGroupID `json:"supplementalGroups,omitempty" protobuf:"varint,4,rep,name=supplementalGroups,casttype=k8s.io/apimachinery/pkg/types.UnixGroupID"`
+	SupplementalGroups []int64 `json:"supplementalGroups,omitempty" protobuf:"varint,4,rep,name=supplementalGroups"`
 	// A special supplemental group that applies to all containers in a pod.
 	// Some volume types allow the Kubelet to change the ownership of that volume
 	// to be owned by the pod:
@ -2572,7 +2572,7 @@ type PodSecurityContext struct {
 	//
 	// If unset, the Kubelet will not modify the ownership and permissions of any volume.
 	// +optional
-	FSGroup *types.UnixGroupID `json:"fsGroup,omitempty" protobuf:"varint,5,opt,name=fsGroup,casttype=k8s.io/apimachinery/pkg/types.UnixGroupID"`
+	FSGroup *int64 `json:"fsGroup,omitempty" protobuf:"varint,5,opt,name=fsGroup"`
 }
 // PodQOSClass defines the supported qos classes of Pods.
@ -4511,7 +4511,7 @@ type SecurityContext struct {
 	// May also be set in PodSecurityContext.  If set in both SecurityContext and
 	// PodSecurityContext, the value specified in SecurityContext takes precedence.
 	// +optional
-	RunAsUser *types.UnixUserID `json:"runAsUser,omitempty" protobuf:"varint,4,opt,name=runAsUser,casttype=k8s.io/apimachinery/pkg/types.UnixUserID"`
+	RunAsUser *int64 `json:"runAsUser,omitempty" protobuf:"varint,4,opt,name=runAsUser"`
 	// Indicates that the container must run as a non-root user.
 	// If true, the Kubelet will validate the image at runtime to ensure that it
 	// does not run as UID 0 (root) and fail to start the container if it does.
--- a/pkg/api/validation/validation_test.go
+++ b/pkg/api/validation/validation_test.go
@ -24,7 +24,6 @@ import (
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apimachinery/pkg/util/validation/field"
@ -3612,10 +3611,10 @@ func TestValidatePodSpec(t *testing.T) {
 	activeDeadlineSeconds := int64(30)
 	activeDeadlineSecondsMax := int64(math.MaxInt32)
-	minUserID := types.UnixUserID(0)
+	minUserID := int64(0)
-	maxUserID := types.UnixUserID(2147483647)
+	maxUserID := int64(2147483647)
-	minGroupID := types.UnixGroupID(0)
+	minGroupID := int64(0)
-	maxGroupID := types.UnixGroupID(2147483647)
+	maxGroupID := int64(2147483647)
 	successCases := []api.PodSpec{
 		{ // Populate basic fields, leave defaults for most.
@ -3670,7 +3669,7 @@ func TestValidatePodSpec(t *testing.T) {
 		{ // Populate RunAsUser SupplementalGroups FSGroup with minID 0
 			Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
 			SecurityContext: &api.PodSecurityContext{
-				SupplementalGroups: []types.UnixGroupID{minGroupID},
+				SupplementalGroups: []int64{minGroupID},
 				RunAsUser:          &minUserID,
 				FSGroup:            &minGroupID,
 			},
@ -3680,7 +3679,7 @@ func TestValidatePodSpec(t *testing.T) {
 		{ // Populate RunAsUser SupplementalGroups FSGroup with maxID 2147483647
 			Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
 			SecurityContext: &api.PodSecurityContext{
-				SupplementalGroups: []types.UnixGroupID{maxGroupID},
+				SupplementalGroups: []int64{maxGroupID},
 				RunAsUser:          &maxUserID,
 				FSGroup:            &maxGroupID,
 			},
@ -3735,10 +3734,10 @@ func TestValidatePodSpec(t *testing.T) {
 	activeDeadlineSeconds = int64(0)
 	activeDeadlineSecondsTooLarge := int64(math.MaxInt32 + 1)
-	minUserID = types.UnixUserID(-1)
+	minUserID = int64(-1)
-	maxUserID = types.UnixUserID(2147483648)
+	maxUserID = int64(2147483648)
-	minGroupID = types.UnixGroupID(-1)
+	minGroupID = int64(-1)
-	maxGroupID = types.UnixGroupID(2147483648)
+	maxGroupID = int64(2147483648)
 	failureCases := map[string]api.PodSpec{
 		"bad volume": {
@ -3812,7 +3811,7 @@ func TestValidatePodSpec(t *testing.T) {
 			Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
 			SecurityContext: &api.PodSecurityContext{
 				HostNetwork:        false,
-				SupplementalGroups: []types.UnixGroupID{maxGroupID, 1234},
+				SupplementalGroups: []int64{maxGroupID, 1234},
 			},
 			RestartPolicy: api.RestartPolicyAlways,
 			DNSPolicy:     api.DNSClusterFirst,
@ -3821,7 +3820,7 @@ func TestValidatePodSpec(t *testing.T) {
 			Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}},
 			SecurityContext: &api.PodSecurityContext{
 				HostNetwork:        false,
-				SupplementalGroups: []types.UnixGroupID{minGroupID, 1234},
+				SupplementalGroups: []int64{minGroupID, 1234},
 			},
 			RestartPolicy: api.RestartPolicyAlways,
 			DNSPolicy:     api.DNSClusterFirst,
@ -9582,7 +9581,7 @@ func TestValidateTLSSecret(t *testing.T) {
 func TestValidateSecurityContext(t *testing.T) {
 	priv := false
-	runAsUser := types.UnixUserID(1)
+	runAsUser := int64(1)
 	fullValidSC := func() *api.SecurityContext {
 		return &api.SecurityContext{
 			Privileged: &priv,
@ -9634,7 +9633,7 @@ func TestValidateSecurityContext(t *testing.T) {
 	privRequestWithGlobalDeny.Privileged = &requestPrivileged
 	negativeRunAsUser := fullValidSC()
-	negativeUser := types.UnixUserID(-1)
+	negativeUser := int64(-1)
 	negativeRunAsUser.RunAsUser = &negativeUser
 	errorCases := map[string]struct {
--- a/pkg/apis/extensions/types.go
+++ b/pkg/apis/extensions/types.go
@ -31,7 +31,6 @@ package extensions
 import (
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/kubernetes/pkg/api"
 )
@ -980,17 +979,17 @@ type RunAsUserStrategyOptions struct {
 // UserIDRange provides a min/max of an allowed range of UserIDs.
 type UserIDRange struct {
 	// Min is the start of the range, inclusive.
-	Min types.UnixUserID
+	Min int64
 	// Max is the end of the range, inclusive.
-	Max types.UnixUserID
+	Max int64
 }
 // GroupIDRange provides a min/max of an allowed range of GroupIDs.
 type GroupIDRange struct {
 	// Min is the start of the range, inclusive.
-	Min types.UnixGroupID
+	Min int64
 	// Max is the end of the range, inclusive.
-	Max types.UnixGroupID
+	Max int64
 }
 // RunAsUserStrategy denotes strategy types for generating RunAsUser values for a
--- a/pkg/kubelet/dockershim/securitycontext/provider_test.go
+++ b/pkg/kubelet/dockershim/securitycontext/provider_test.go
@ -23,14 +23,13 @@ import (
 	"testing"
 	dockercontainer "github.com/docker/engine-api/types/container"
 	"k8s.io/apimachinery/pkg/types"
 	apitesting "k8s.io/kubernetes/pkg/api/testing"
 	"k8s.io/kubernetes/pkg/api/v1"
 )
 func TestModifyContainerConfig(t *testing.T) {
-	userID := types.UnixUserID(123)
+	userID := int64(123)
-	overrideUserID := types.UnixUserID(321)
+	overrideUserID := int64(321)
 	cases := []struct {
 		name     string
@ -177,7 +176,7 @@ func TestModifyHostConfig(t *testing.T) {
 func TestModifyHostConfigPodSecurityContext(t *testing.T) {
 	supplementalGroupsSC := &v1.PodSecurityContext{}
-	supplementalGroupsSC.SupplementalGroups = []types.UnixGroupID{2222}
+	supplementalGroupsSC.SupplementalGroups = []int64{2222}
 	supplementalGroupHC := fullValidHostConfig()
 	supplementalGroupHC.GroupAdd = []string{"2222"}
 	fsGroupHC := fullValidHostConfig()
@ -186,7 +185,7 @@ func TestModifyHostConfigPodSecurityContext(t *testing.T) {
 	extraSupplementalGroupHC.GroupAdd = []string{"1234"}
 	bothHC := fullValidHostConfig()
 	bothHC.GroupAdd = []string{"2222", "1234"}
-	fsGroup := types.UnixGroupID(1234)
+	fsGroup := int64(1234)
 	extraSupplementalGroup := []int64{1234}
 	testCases := map[string]struct {
@ -211,7 +210,7 @@ func TestModifyHostConfigPodSecurityContext(t *testing.T) {
 		},
 		"FSGroup + SupplementalGroups": {
 			securityContext: &v1.PodSecurityContext{
-				SupplementalGroups: []types.UnixGroupID{2222},
+				SupplementalGroups: []int64{2222},
 				FSGroup:            &fsGroup,
 			},
 			expected:                bothHC,
--- a/pkg/kubelet/kubelet_volumes_test.go
+++ b/pkg/kubelet/kubelet_volumes_test.go
@ -453,10 +453,10 @@ func (f *stubVolume) CanMount() error {
 	return nil
 }
-func (f *stubVolume) SetUp(fsGroup *types.UnixGroupID) error {
+func (f *stubVolume) SetUp(fsGroup *int64) error {
 	return nil
 }
-func (f *stubVolume) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (f *stubVolume) SetUpAt(dir string, fsGroup *int64) error {
 	return nil
 }
--- a/pkg/kubelet/kuberuntime/kuberuntime_container_test.go
+++ b/pkg/kubelet/kuberuntime/kuberuntime_container_test.go
@ -24,7 +24,6 @@ import (
 	"github.com/stretchr/testify/assert"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/kubernetes/pkg/api/v1"
 	runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime"
 	kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
@ -227,7 +226,7 @@ func TestGenerateContainerConfig(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Equal(t, expectedConfig, containerConfig, "generate container config for kubelet runtime v1.")
-	runAsUser := types.UnixUserID(0)
+	runAsUser := int64(0)
 	runAsNonRootTrue := true
 	podWithContainerSecurityContext := &v1.Pod{
 		ObjectMeta: metav1.ObjectMeta{
--- a/pkg/kubelet/kuberuntime/security_context_test.go
+++ b/pkg/kubelet/kuberuntime/security_context_test.go
@ -18,7 +18,6 @@ package kuberuntime
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/kubernetes/pkg/api/v1"
 	"github.com/stretchr/testify/assert"
@ -45,7 +44,7 @@ func TestVerifyRunAsNonRoot(t *testing.T) {
 		},
 	}
-	rootUser := types.UnixUserID(0)
+	rootUser := int64(0)
 	runAsNonRootTrue := true
 	runAsNonRootFalse := false
 	imageRootUser := int64(0)
--- a/pkg/kubelet/rkt/rkt_test.go
+++ b/pkg/kubelet/rkt/rkt_test.go
@ -983,10 +983,10 @@ func TestSetApp(t *testing.T) {
 	}
 	defer os.RemoveAll(tmpDir)
-	rootUser := kubetypes.UnixUserID(0)
+	rootUser := int64(0)
-	nonRootUser := kubetypes.UnixUserID(42)
+	nonRootUser := int64(42)
 	runAsNonRootTrue := true
-	fsgid := kubetypes.UnixGroupID(3)
+	fsgid := int64(3)
 	tests := []struct {
 		container        *v1.Container
@ -1092,9 +1092,9 @@ func TestSetApp(t *testing.T) {
 				RunAsNonRoot: &runAsNonRootTrue,
 			},
 			podCtx: &v1.PodSecurityContext{
-				SupplementalGroups: []kubetypes.UnixGroupID{
+				SupplementalGroups: []int64{
-					kubetypes.UnixGroupID(1),
+					int64(1),
-					kubetypes.UnixGroupID(2),
+					int64(2),
 				},
 				FSGroup: &fsgid,
 			},
@ -1157,9 +1157,9 @@ func TestSetApp(t *testing.T) {
 				RunAsNonRoot: &runAsNonRootTrue,
 			},
 			podCtx: &v1.PodSecurityContext{
-				SupplementalGroups: []kubetypes.UnixGroupID{
+				SupplementalGroups: []int64{
-					kubetypes.UnixGroupID(1),
+					int64(1),
-					kubetypes.UnixGroupID(2),
+					int64(2),
 				},
 				FSGroup: &fsgid,
 			},
--- a/pkg/kubelet/volumemanager/volume_manager_test.go
+++ b/pkg/kubelet/volumemanager/volume_manager_test.go
@ -24,7 +24,6 @@ import (
 	"time"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	kubetypes "k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/client-go/tools/record"
 	utiltesting "k8s.io/client-go/util/testing"
@ -239,7 +238,7 @@ func createObjects() (*v1.Node, *v1.Pod, *v1.PersistentVolume, *v1.PersistentVol
 				},
 			},
 			SecurityContext: &v1.PodSecurityContext{
-				SupplementalGroups: []kubetypes.UnixGroupID{555},
+				SupplementalGroups: []int64{555},
 			},
 		},
 	}
--- a/pkg/security/podsecuritypolicy/group/mustrunas.go
+++ b/pkg/security/podsecuritypolicy/group/mustrunas.go
@ -19,7 +19,6 @@ package group
 import (
 	"fmt"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	"k8s.io/kubernetes/pkg/api"
 	"k8s.io/kubernetes/pkg/apis/extensions"
@ -47,14 +46,14 @@ func NewMustRunAs(ranges []extensions.GroupIDRange, field string) (GroupStrategy
 // Generate creates the group based on policy rules.  By default this returns the first group of the
 // first range (min val).
-func (s *mustRunAs) Generate(pod *api.Pod) ([]types.UnixGroupID, error) {
+func (s *mustRunAs) Generate(pod *api.Pod) ([]int64, error) {
-	return []types.UnixGroupID{s.ranges[0].Min}, nil
+	return []int64{s.ranges[0].Min}, nil
 }
 // Generate a single value to be applied.  This is used for FSGroup.  This strategy will return
 // the first group of the first range (min val).
-func (s *mustRunAs) GenerateSingle(pod *api.Pod) (*types.UnixGroupID, error) {
+func (s *mustRunAs) GenerateSingle(pod *api.Pod) (*int64, error) {
-	single := new(types.UnixGroupID)
+	single := new(int64)
 	*single = s.ranges[0].Min
 	return single, nil
 }
@ -62,7 +61,7 @@ func (s *mustRunAs) GenerateSingle(pod *api.Pod) (*types.UnixGroupID, error) {
 // Validate ensures that the specified values fall within the range of the strategy.
 // Groups are passed in here to allow this strategy to support multiple group fields (fsgroup and
 // supplemental groups).
-func (s *mustRunAs) Validate(pod *api.Pod, groups []types.UnixGroupID) field.ErrorList {
+func (s *mustRunAs) Validate(pod *api.Pod, groups []int64) field.ErrorList {
 	allErrs := field.ErrorList{}
 	if pod.Spec.SecurityContext == nil {
@ -84,7 +83,7 @@ func (s *mustRunAs) Validate(pod *api.Pod, groups []types.UnixGroupID) field.Err
 	return allErrs
 }
-func (s *mustRunAs) isGroupValid(group types.UnixGroupID) bool {
+func (s *mustRunAs) isGroupValid(group int64) bool {
 	for _, rng := range s.ranges {
 		if psputil.GroupFallsInRange(group, rng) {
 			return true
--- a/pkg/security/podsecuritypolicy/group/mustrunas_test.go
+++ b/pkg/security/podsecuritypolicy/group/mustrunas_test.go
@ -19,7 +19,6 @@ package group
 import (
 	"testing"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/kubernetes/pkg/api"
 	"k8s.io/kubernetes/pkg/apis/extensions"
 )
@ -54,26 +53,26 @@ func TestMustRunAsOptions(t *testing.T) {
 func TestGenerate(t *testing.T) {
 	tests := map[string]struct {
 		ranges   []extensions.GroupIDRange
-		expected []types.UnixGroupID
+		expected []int64
 	}{
 		"multi value": {
 			ranges: []extensions.GroupIDRange{
 				{Min: 1, Max: 2},
 			},
-			expected: []types.UnixGroupID{1},
+			expected: []int64{1},
 		},
 		"single value": {
 			ranges: []extensions.GroupIDRange{
 				{Min: 1, Max: 1},
 			},
-			expected: []types.UnixGroupID{1},
+			expected: []int64{1},
 		},
 		"multi range": {
 			ranges: []extensions.GroupIDRange{
 				{Min: 1, Max: 1},
 				{Min: 2, Max: 500},
 			},
-			expected: []types.UnixGroupID{1},
+			expected: []int64{1},
 		},
 	}
@ -121,7 +120,7 @@ func TestValidate(t *testing.T) {
 	tests := map[string]struct {
 		ranges []extensions.GroupIDRange
 		pod    *api.Pod
-		groups []types.UnixGroupID
+		groups []int64
 		pass   bool
 	}{
 		"nil security context": {
@ -138,7 +137,7 @@ func TestValidate(t *testing.T) {
 		},
 		"not in range": {
 			pod:    validPod(),
-			groups: []types.UnixGroupID{5},
+			groups: []int64{5},
 			ranges: []extensions.GroupIDRange{
 				{Min: 1, Max: 3},
 				{Min: 4, Max: 4},
@ -146,7 +145,7 @@ func TestValidate(t *testing.T) {
 		},
 		"in range 1": {
 			pod:    validPod(),
-			groups: []types.UnixGroupID{2},
+			groups: []int64{2},
 			ranges: []extensions.GroupIDRange{
 				{Min: 1, Max: 3},
 			},
@ -154,7 +153,7 @@ func TestValidate(t *testing.T) {
 		},
 		"in range boundry min": {
 			pod:    validPod(),
-			groups: []types.UnixGroupID{1},
+			groups: []int64{1},
 			ranges: []extensions.GroupIDRange{
 				{Min: 1, Max: 3},
 			},
@ -162,7 +161,7 @@ func TestValidate(t *testing.T) {
 		},
 		"in range boundry max": {
 			pod:    validPod(),
-			groups: []types.UnixGroupID{3},
+			groups: []int64{3},
 			ranges: []extensions.GroupIDRange{
 				{Min: 1, Max: 3},
 			},
@ -170,7 +169,7 @@ func TestValidate(t *testing.T) {
 		},
 		"singular range": {
 			pod:    validPod(),
-			groups: []types.UnixGroupID{4},
+			groups: []int64{4},
 			ranges: []extensions.GroupIDRange{
 				{Min: 4, Max: 4},
 			},
--- a/pkg/security/podsecuritypolicy/group/runasany.go
+++ b/pkg/security/podsecuritypolicy/group/runasany.go
@ -17,7 +17,6 @@ limitations under the License.
 package group
 import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	"k8s.io/kubernetes/pkg/api"
 )
@ -34,17 +33,17 @@ func NewRunAsAny() (GroupStrategy, error) {
 }
 // Generate creates the group based on policy rules.  This strategy returns an empty slice.
-func (s *runAsAny) Generate(pod *api.Pod) ([]types.UnixGroupID, error) {
+func (s *runAsAny) Generate(pod *api.Pod) ([]int64, error) {
-	return []types.UnixGroupID{}, nil
+	return []int64{}, nil
 }
 // Generate a single value to be applied.  This is used for FSGroup.  This strategy returns nil.
-func (s *runAsAny) GenerateSingle(pod *api.Pod) (*types.UnixGroupID, error) {
+func (s *runAsAny) GenerateSingle(pod *api.Pod) (*int64, error) {
 	return nil, nil
 }
 // Validate ensures that the specified values fall within the range of the strategy.
-func (s *runAsAny) Validate(pod *api.Pod, groups []types.UnixGroupID) field.ErrorList {
+func (s *runAsAny) Validate(pod *api.Pod, groups []int64) field.ErrorList {
 	return field.ErrorList{}
 }
--- a/pkg/security/podsecuritypolicy/group/types.go
+++ b/pkg/security/podsecuritypolicy/group/types.go
@ -17,7 +17,6 @@ limitations under the License.
 package group
 import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	"k8s.io/kubernetes/pkg/api"
 )
@ -27,10 +26,10 @@ type GroupStrategy interface {
 	// Generate creates the group based on policy rules.  The underlying implementation can
 	// decide whether it will return a full range of values or a subset of values from the
 	// configured ranges.
-	Generate(pod *api.Pod) ([]types.UnixGroupID, error)
+	Generate(pod *api.Pod) ([]int64, error)
 	// Generate a single value to be applied.  The underlying implementation decides which
 	// value to return if configured with multiple ranges.  This is used for FSGroup.
-	GenerateSingle(pod *api.Pod) (*types.UnixGroupID, error)
+	GenerateSingle(pod *api.Pod) (*int64, error)
 	// Validate ensures that the specified values fall within the range of the strategy.
-	Validate(pod *api.Pod, groups []types.UnixGroupID) field.ErrorList
+	Validate(pod *api.Pod, groups []int64) field.ErrorList
 }
--- a/pkg/security/podsecuritypolicy/provider.go
+++ b/pkg/security/podsecuritypolicy/provider.go
@ -19,7 +19,6 @@ package podsecuritypolicy
 import (
 	"fmt"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	"k8s.io/kubernetes/pkg/api"
 	"k8s.io/kubernetes/pkg/apis/extensions"
@ -195,7 +194,7 @@ func (s *simpleProvider) ValidatePodSecurityContext(pod *api.Pod, fldPath *field
 		return allErrs
 	}
-	fsGroups := []types.UnixGroupID{}
+	fsGroups := []int64{}
 	if pod.Spec.SecurityContext.FSGroup != nil {
 		fsGroups = append(fsGroups, *pod.Spec.SecurityContext.FSGroup)
 	}
--- a/pkg/security/podsecuritypolicy/provider_test.go
+++ b/pkg/security/podsecuritypolicy/provider_test.go
@ -25,7 +25,6 @@ import (
 	"github.com/davecgh/go-spew/spew"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/diff"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	"k8s.io/kubernetes/pkg/api"
@ -134,7 +133,7 @@ func TestCreateContainerSecurityContextNonmutating(t *testing.T) {
 		// Create a PSP with strategies that will populate a blank security context
 		createPSP := func() *extensions.PodSecurityPolicy {
-			uid := types.UnixUserID(1)
+			uid := int64(1)
 			return &extensions.PodSecurityPolicy{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: "psp-sa",
@ -206,7 +205,7 @@ func TestValidatePodSecurityContextFailures(t *testing.T) {
 	failHostIPCPod.Spec.SecurityContext.HostIPC = true
 	failSupplementalGroupPod := defaultPod()
-	failSupplementalGroupPod.Spec.SecurityContext.SupplementalGroups = []types.UnixGroupID{999}
+	failSupplementalGroupPod.Spec.SecurityContext.SupplementalGroups = []int64{999}
 	failSupplementalGroupPSP := defaultPSP()
 	failSupplementalGroupPSP.Spec.SupplementalGroups = extensions.SupplementalGroupsStrategyOptions{
 		Rule: extensions.SupplementalGroupsStrategyMustRunAs,
@ -216,7 +215,7 @@ func TestValidatePodSecurityContextFailures(t *testing.T) {
 	}
 	failFSGroupPod := defaultPod()
-	fsGroup := types.UnixGroupID(999)
+	fsGroup := int64(999)
 	failFSGroupPod.Spec.SecurityContext.FSGroup = &fsGroup
 	failFSGroupPSP := defaultPSP()
 	failFSGroupPSP.Spec.FSGroup = extensions.FSGroupStrategyOptions{
@ -383,8 +382,8 @@ func TestValidatePodSecurityContextFailures(t *testing.T) {
 func TestValidateContainerSecurityContextFailures(t *testing.T) {
 	// fail user strat
 	failUserPSP := defaultPSP()
-	uid := types.UnixUserID(999)
+	uid := int64(999)
-	badUID := types.UnixUserID(1)
+	badUID := int64(1)
 	failUserPSP.Spec.RunAsUser = extensions.RunAsUserStrategyOptions{
 		Rule:   extensions.RunAsUserStrategyMustRunAs,
 		Ranges: []extensions.UserIDRange{{Min: uid, Max: uid}},
@ -547,7 +546,7 @@ func TestValidatePodSecurityContextSuccess(t *testing.T) {
 		},
 	}
 	supGroupPod := defaultPod()
-	supGroupPod.Spec.SecurityContext.SupplementalGroups = []types.UnixGroupID{3}
+	supGroupPod.Spec.SecurityContext.SupplementalGroups = []int64{3}
 	fsGroupPSP := defaultPSP()
 	fsGroupPSP.Spec.FSGroup = extensions.FSGroupStrategyOptions{
@ -557,7 +556,7 @@ func TestValidatePodSecurityContextSuccess(t *testing.T) {
 		},
 	}
 	fsGroupPod := defaultPod()
-	fsGroup := types.UnixGroupID(3)
+	fsGroup := int64(3)
 	fsGroupPod.Spec.SecurityContext.FSGroup = &fsGroup
 	seLinuxPod := defaultPod()
@ -680,7 +679,7 @@ func TestValidateContainerSecurityContextSuccess(t *testing.T) {
 	// success user strat
 	userPSP := defaultPSP()
-	uid := types.UnixUserID(999)
+	uid := int64(999)
 	userPSP.Spec.RunAsUser = extensions.RunAsUserStrategyOptions{
 		Rule:   extensions.RunAsUserStrategyMustRunAs,
 		Ranges: []extensions.UserIDRange{{Min: uid, Max: uid}},
--- a/pkg/security/podsecuritypolicy/user/mustrunas.go
+++ b/pkg/security/podsecuritypolicy/user/mustrunas.go
@ -19,7 +19,6 @@ package user
 import (
 	"fmt"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	"k8s.io/kubernetes/pkg/api"
 	"k8s.io/kubernetes/pkg/apis/extensions"
@ -45,7 +44,7 @@ func NewMustRunAs(options *extensions.RunAsUserStrategyOptions) (RunAsUserStrate
 }
 // Generate creates the uid based on policy rules.  MustRunAs returns the first range's Min.
-func (s *mustRunAs) Generate(pod *api.Pod, container *api.Container) (*types.UnixUserID, error) {
+func (s *mustRunAs) Generate(pod *api.Pod, container *api.Container) (*int64, error) {
 	return &s.opts.Ranges[0].Min, nil
 }
@ -75,7 +74,7 @@ func (s *mustRunAs) Validate(pod *api.Pod, container *api.Container) field.Error
 	return allErrs
 }
-func (s *mustRunAs) isValidUID(id types.UnixUserID) bool {
+func (s *mustRunAs) isValidUID(id int64) bool {
 	for _, rng := range s.opts.Ranges {
 		if psputil.UserFallsInRange(id, rng) {
 			return true
--- a/pkg/security/podsecuritypolicy/user/mustrunas_test.go
+++ b/pkg/security/podsecuritypolicy/user/mustrunas_test.go
@ -20,7 +20,6 @@ import (
 	"strings"
 	"testing"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/kubernetes/pkg/api"
 	"k8s.io/kubernetes/pkg/apis/extensions"
 )
@ -85,8 +84,8 @@ func TestValidate(t *testing.T) {
 		},
 	}
-	validID := types.UnixUserID(15)
+	validID := int64(15)
-	invalidID := types.UnixUserID(21)
+	invalidID := int64(21)
 	tests := map[string]struct {
 		container   *api.Container
--- a/pkg/security/podsecuritypolicy/user/nonroot.go
+++ b/pkg/security/podsecuritypolicy/user/nonroot.go
@ -19,7 +19,6 @@ package user
 import (
 	"fmt"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	"k8s.io/kubernetes/pkg/api"
 	"k8s.io/kubernetes/pkg/apis/extensions"
@ -35,7 +34,7 @@ func NewRunAsNonRoot(options *extensions.RunAsUserStrategyOptions) (RunAsUserStr
 // Generate creates the uid based on policy rules.  This strategy does return a UID.  It assumes
 // that the user will specify a UID or the container image specifies a UID.
-func (s *nonRoot) Generate(pod *api.Pod, container *api.Container) (*types.UnixUserID, error) {
+func (s *nonRoot) Generate(pod *api.Pod, container *api.Container) (*int64, error) {
 	return nil, nil
 }
--- a/pkg/security/podsecuritypolicy/user/nonroot_test.go
+++ b/pkg/security/podsecuritypolicy/user/nonroot_test.go
@ -19,7 +19,6 @@ package user
 import (
 	"testing"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/kubernetes/pkg/api"
 	"k8s.io/kubernetes/pkg/apis/extensions"
 )
@ -50,8 +49,8 @@ func TestNonRootGenerate(t *testing.T) {
 }
 func TestNonRootValidate(t *testing.T) {
-	goodUID := types.UnixUserID(1)
+	goodUID := int64(1)
-	badUID := types.UnixUserID(0)
+	badUID := int64(0)
 	untrue := false
 	unfalse := true
 	s, err := NewRunAsNonRoot(&extensions.RunAsUserStrategyOptions{})
--- a/pkg/security/podsecuritypolicy/user/runasany.go
+++ b/pkg/security/podsecuritypolicy/user/runasany.go
@ -17,7 +17,6 @@ limitations under the License.
 package user
 import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	"k8s.io/kubernetes/pkg/api"
 	"k8s.io/kubernetes/pkg/apis/extensions"
@ -34,7 +33,7 @@ func NewRunAsAny(options *extensions.RunAsUserStrategyOptions) (RunAsUserStrateg
 }
 // Generate creates the uid based on policy rules.
-func (s *runAsAny) Generate(pod *api.Pod, container *api.Container) (*types.UnixUserID, error) {
+func (s *runAsAny) Generate(pod *api.Pod, container *api.Container) (*int64, error) {
 	return nil, nil
 }
--- a/pkg/security/podsecuritypolicy/user/types.go
+++ b/pkg/security/podsecuritypolicy/user/types.go
@ -17,7 +17,6 @@ limitations under the License.
 package user
 import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	"k8s.io/kubernetes/pkg/api"
 )
@ -25,7 +24,7 @@ import (
 // RunAsUserStrategy defines the interface for all uid constraint strategies.
 type RunAsUserStrategy interface {
 	// Generate creates the uid based on policy rules.
-	Generate(pod *api.Pod, container *api.Container) (*types.UnixUserID, error)
+	Generate(pod *api.Pod, container *api.Container) (*int64, error)
 	// Validate ensures that the specified values fall within the range of the strategy.
 	Validate(pod *api.Pod, container *api.Container) field.ErrorList
 }
--- a/pkg/security/podsecuritypolicy/util/util.go
+++ b/pkg/security/podsecuritypolicy/util/util.go
@ -20,7 +20,6 @@ import (
 	"fmt"
 	"strings"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/kubernetes/pkg/api"
 	"k8s.io/kubernetes/pkg/apis/extensions"
@ -164,12 +163,12 @@ func PSPAllowsFSType(psp *extensions.PodSecurityPolicy, fsType extensions.FSType
 }
 // UserFallsInRange is a utility to determine it the id falls in the valid range.
-func UserFallsInRange(id types.UnixUserID, rng extensions.UserIDRange) bool {
+func UserFallsInRange(id int64, rng extensions.UserIDRange) bool {
 	return id >= rng.Min && id <= rng.Max
 }
 // GroupFallsInRange is a utility to determine it the id falls in the valid range.
-func GroupFallsInRange(id types.UnixGroupID, rng extensions.GroupIDRange) bool {
+func GroupFallsInRange(id int64, rng extensions.GroupIDRange) bool {
 	return id >= rng.Min && id <= rng.Max
 }
--- a/pkg/securitycontext/util.go
+++ b/pkg/securitycontext/util.go
@ -20,7 +20,6 @@ import (
 	"fmt"
 	"strings"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/kubernetes/pkg/api"
 	"k8s.io/kubernetes/pkg/api/v1"
 )
@ -120,7 +119,7 @@ func DetermineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container) *v1
 	}
 	if containerSc.RunAsUser != nil {
-		effectiveSc.RunAsUser = new(types.UnixUserID)
+		effectiveSc.RunAsUser = new(int64)
 		*effectiveSc.RunAsUser = *containerSc.RunAsUser
 	}
@ -149,7 +148,7 @@ func securityContextFromPodSecurityContext(pod *v1.Pod) *v1.SecurityContext {
 		*synthesized.SELinuxOptions = *pod.Spec.SecurityContext.SELinuxOptions
 	}
 	if pod.Spec.SecurityContext.RunAsUser != nil {
-		synthesized.RunAsUser = new(types.UnixUserID)
+		synthesized.RunAsUser = new(int64)
 		*synthesized.RunAsUser = *pod.Spec.SecurityContext.RunAsUser
 	}
@ -192,7 +191,7 @@ func InternalDetermineEffectiveSecurityContext(pod *api.Pod, container *api.Cont
 	}
 	if containerSc.RunAsUser != nil {
-		effectiveSc.RunAsUser = new(types.UnixUserID)
+		effectiveSc.RunAsUser = new(int64)
 		*effectiveSc.RunAsUser = *containerSc.RunAsUser
 	}
@ -221,7 +220,7 @@ func internalSecurityContextFromPodSecurityContext(pod *api.Pod) *api.SecurityCo
 		*synthesized.SELinuxOptions = *pod.Spec.SecurityContext.SELinuxOptions
 	}
 	if pod.Spec.SecurityContext.RunAsUser != nil {
-		synthesized.RunAsUser = new(types.UnixUserID)
+		synthesized.RunAsUser = new(int64)
 		*synthesized.RunAsUser = *pod.Spec.SecurityContext.RunAsUser
 	}
--- a/pkg/securitycontext/util_test.go
+++ b/pkg/securitycontext/util_test.go
@ -19,7 +19,6 @@ package securitycontext
 import (
 	"testing"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/kubernetes/pkg/api/v1"
 )
@ -85,13 +84,13 @@ func compareContexts(name string, ex, ac *v1.SELinuxOptions, t *testing.T) {
 	}
 }
-func containerWithUser(ptr *types.UnixUserID) *v1.Container {
+func containerWithUser(ptr *int64) *v1.Container {
 	return &v1.Container{SecurityContext: &v1.SecurityContext{RunAsUser: ptr}}
 }
 func TestHaRootUID(t *testing.T) {
-	nonRoot := types.UnixUserID(1)
+	nonRoot := int64(1)
-	root := types.UnixUserID(0)
+	root := int64(0)
 	tests := map[string]struct {
 		container *v1.Container
@ -121,7 +120,7 @@ func TestHaRootUID(t *testing.T) {
 }
 func TestHasRunAsUser(t *testing.T) {
-	runAsUser := types.UnixUserID(0)
+	runAsUser := int64(0)
 	tests := map[string]struct {
 		container *v1.Container
@ -148,8 +147,8 @@ func TestHasRunAsUser(t *testing.T) {
 }
 func TestHasRootRunAsUser(t *testing.T) {
-	nonRoot := types.UnixUserID(1)
+	nonRoot := int64(1)
-	root := types.UnixUserID(0)
+	root := int64(0)
 	tests := map[string]struct {
 		container *v1.Container
--- a/pkg/volume/aws_ebs/aws_ebs.go
+++ b/pkg/volume/aws_ebs/aws_ebs.go
@ -294,12 +294,12 @@ func (b *awsElasticBlockStoreMounter) CanMount() error {
 }
 // SetUp attaches the disk and bind mounts to the volume path.
-func (b *awsElasticBlockStoreMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (b *awsElasticBlockStoreMounter) SetUp(fsGroup *int64) error {
 	return b.SetUpAt(b.GetPath(), fsGroup)
 }
 // SetUpAt attaches the disk and bind mounts to the volume path.
-func (b *awsElasticBlockStoreMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (b *awsElasticBlockStoreMounter) SetUpAt(dir string, fsGroup *int64) error {
 	// TODO: handle failed mounts here.
 	notMnt, err := b.mounter.IsLikelyNotMountPoint(dir)
 	glog.V(4).Infof("PersistentDisk set up: %s %v %v", dir, !notMnt, err)
--- a/pkg/volume/azure_dd/azure_dd.go
+++ b/pkg/volume/azure_dd/azure_dd.go
@ -234,12 +234,12 @@ func (b *azureDiskMounter) CanMount() error {
 }
 // SetUp attaches the disk and bind mounts to the volume path.
-func (b *azureDiskMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (b *azureDiskMounter) SetUp(fsGroup *int64) error {
 	return b.SetUpAt(b.GetPath(), fsGroup)
 }
 // SetUpAt attaches the disk and bind mounts to the volume path.
-func (b *azureDiskMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (b *azureDiskMounter) SetUpAt(dir string, fsGroup *int64) error {
 	b.plugin.volumeLocks.LockKey(b.diskName)
 	defer b.plugin.volumeLocks.UnlockKey(b.diskName)
--- a/pkg/volume/azure_file/azure_file.go
+++ b/pkg/volume/azure_file/azure_file.go
@ -189,11 +189,11 @@ func (b *azureFileMounter) CanMount() error {
 }
 // SetUp attaches the disk and bind mounts to the volume path.
-func (b *azureFileMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (b *azureFileMounter) SetUp(fsGroup *int64) error {
 	return b.SetUpAt(b.GetPath(), fsGroup)
 }
-func (b *azureFileMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (b *azureFileMounter) SetUpAt(dir string, fsGroup *int64) error {
 	notMnt, err := b.mounter.IsLikelyNotMountPoint(dir)
 	glog.V(4).Infof("AzureFile mount set up: %s %v %v", dir, !notMnt, err)
 	if err != nil && !os.IsNotExist(err) {
--- a/pkg/volume/cephfs/cephfs.go
+++ b/pkg/volume/cephfs/cephfs.go
@ -217,12 +217,12 @@ func (cephfsMounter *cephfsMounter) CanMount() error {
 }
 // SetUp attaches the disk and bind mounts to the volume path.
-func (cephfsVolume *cephfsMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (cephfsVolume *cephfsMounter) SetUp(fsGroup *int64) error {
 	return cephfsVolume.SetUpAt(cephfsVolume.GetPath(), fsGroup)
 }
 // SetUpAt attaches the disk and bind mounts to the volume path.
-func (cephfsVolume *cephfsMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (cephfsVolume *cephfsMounter) SetUpAt(dir string, fsGroup *int64) error {
 	notMnt, err := cephfsVolume.mounter.IsLikelyNotMountPoint(dir)
 	glog.V(4).Infof("CephFS mount set up: %s %v %v", dir, !notMnt, err)
 	if err != nil && !os.IsNotExist(err) {
--- a/pkg/volume/cinder/cinder.go
+++ b/pkg/volume/cinder/cinder.go
@ -298,12 +298,12 @@ func (b *cinderVolumeMounter) CanMount() error {
 	return nil
 }
-func (b *cinderVolumeMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (b *cinderVolumeMounter) SetUp(fsGroup *int64) error {
 	return b.SetUpAt(b.GetPath(), fsGroup)
 }
 // SetUp bind mounts to the volume path.
-func (b *cinderVolumeMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (b *cinderVolumeMounter) SetUpAt(dir string, fsGroup *int64) error {
 	glog.V(5).Infof("Cinder SetUp %s to %s", b.pdName, dir)
 	b.plugin.volumeLocks.LockKey(b.pdName)
--- a/pkg/volume/configmap/configmap.go
+++ b/pkg/volume/configmap/configmap.go
@ -179,11 +179,11 @@ func (b *configMapVolumeMounter) CanMount() error {
 	return nil
 }
-func (b *configMapVolumeMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (b *configMapVolumeMounter) SetUp(fsGroup *int64) error {
 	return b.SetUpAt(b.GetPath(), fsGroup)
 }
-func (b *configMapVolumeMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (b *configMapVolumeMounter) SetUpAt(dir string, fsGroup *int64) error {
 	glog.V(3).Infof("Setting up volume %v for pod %v at %v", b.volName, b.pod.UID, dir)
 	// Wrap EmptyDir, let it do the setup.
--- a/pkg/volume/configmap/configmap_test.go
+++ b/pkg/volume/configmap/configmap_test.go
@ -333,7 +333,7 @@ func TestPlugin(t *testing.T) {
 		t.Errorf("Got unexpected path: %s", volumePath)
 	}
-	fsGroup := types.UnixGroupID(1001)
+	fsGroup := int64(1001)
 	err = mounter.SetUp(&fsGroup)
 	if err != nil {
 		t.Errorf("Failed to setup volume: %v", err)
@ -391,7 +391,7 @@ func TestPluginReboot(t *testing.T) {
 		t.Errorf("Got unexpected path: %s", volumePath)
 	}
-	fsGroup := types.UnixGroupID(1001)
+	fsGroup := int64(1001)
 	err = mounter.SetUp(&fsGroup)
 	if err != nil {
 		t.Errorf("Failed to setup volume: %v", err)
@ -453,7 +453,7 @@ func TestPluginOptional(t *testing.T) {
 		t.Errorf("Got unexpected path: %s", volumePath)
 	}
-	fsGroup := types.UnixGroupID(1001)
+	fsGroup := int64(1001)
 	err = mounter.SetUp(&fsGroup)
 	if err != nil {
 		t.Errorf("Failed to setup volume: %v", err)
@ -528,7 +528,7 @@ func TestPluginKeysOptional(t *testing.T) {
 		t.Errorf("Got unexpected path: %s", volumePath)
 	}
-	fsGroup := types.UnixGroupID(1001)
+	fsGroup := int64(1001)
 	err = mounter.SetUp(&fsGroup)
 	if err != nil {
 		t.Errorf("Failed to setup volume: %v", err)
--- a/pkg/volume/downwardapi/downwardapi.go
+++ b/pkg/volume/downwardapi/downwardapi.go
@ -168,11 +168,11 @@ func (b *downwardAPIVolumeMounter) CanMount() error {
 // This function is not idempotent by design. We want the data to be refreshed periodically.
 // The internal sync interval of kubelet will drive the refresh of data.
 // TODO: Add volume specific ticker and refresh loop
-func (b *downwardAPIVolumeMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (b *downwardAPIVolumeMounter) SetUp(fsGroup *int64) error {
 	return b.SetUpAt(b.GetPath(), fsGroup)
 }
-func (b *downwardAPIVolumeMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (b *downwardAPIVolumeMounter) SetUpAt(dir string, fsGroup *int64) error {
 	glog.V(3).Infof("Setting up a downwardAPI volume %v for pod %v/%v at %v", b.volName, b.pod.Namespace, b.pod.Name, dir)
 	// Wrap EmptyDir. Here we rely on the idempotency of the wrapped plugin to avoid repeatedly mounting
 	wrapped, err := b.plugin.host.NewWrapperMounter(b.volName, wrappedVolumeSpec(), b.pod, *b.opts)
--- a/pkg/volume/empty_dir/empty_dir.go
+++ b/pkg/volume/empty_dir/empty_dir.go
@ -191,12 +191,12 @@ func (b *emptyDir) CanMount() error {
 }
 // SetUp creates new directory.
-func (ed *emptyDir) SetUp(fsGroup *types.UnixGroupID) error {
+func (ed *emptyDir) SetUp(fsGroup *int64) error {
 	return ed.SetUpAt(ed.GetPath(), fsGroup)
 }
 // SetUpAt creates new directory.
-func (ed *emptyDir) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (ed *emptyDir) SetUpAt(dir string, fsGroup *int64) error {
 	notMnt, err := ed.mounter.IsLikelyNotMountPoint(dir)
 	// Getting an os.IsNotExist err from is a contingency; the directory
 	// may not exist yet, in which case, setup should run.
--- a/pkg/volume/fc/disk_manager.go
+++ b/pkg/volume/fc/disk_manager.go
@ -20,7 +20,6 @@ import (
 	"os"
 	"github.com/golang/glog"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/kubernetes/pkg/util/mount"
 	"k8s.io/kubernetes/pkg/volume"
 )
@ -35,7 +34,7 @@ type diskManager interface {
 }
 // utility to mount a disk based filesystem
-func diskSetUp(manager diskManager, b fcDiskMounter, volPath string, mounter mount.Interface, fsGroup *types.UnixGroupID) error {
+func diskSetUp(manager diskManager, b fcDiskMounter, volPath string, mounter mount.Interface, fsGroup *int64) error {
 	globalPDPath := manager.MakeGlobalPDName(*b.fcDisk)
 	// TODO: handle failed mounts here.
 	noMnt, err := mounter.IsLikelyNotMountPoint(volPath)
--- a/pkg/volume/fc/fc.go
+++ b/pkg/volume/fc/fc.go
@ -204,11 +204,11 @@ func (b *fcDiskMounter) CanMount() error {
 	return nil
 }
-func (b *fcDiskMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (b *fcDiskMounter) SetUp(fsGroup *int64) error {
 	return b.SetUpAt(b.GetPath(), fsGroup)
 }
-func (b *fcDiskMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (b *fcDiskMounter) SetUpAt(dir string, fsGroup *int64) error {
 	// diskSetUp checks mountpoints and prevent repeated calls
 	err := diskSetUp(b.manager, *b, dir, b.mounter, fsGroup)
 	if err != nil {
--- a/pkg/volume/flexvolume/mounter-defaults.go
+++ b/pkg/volume/flexvolume/mounter-defaults.go
@ -21,7 +21,6 @@ import (
 	"github.com/golang/glog"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/kubernetes/pkg/volume"
 )
@ -29,7 +28,7 @@ type mounterDefaults flexVolumeMounter
 // SetUpAt is part of the volume.Mounter interface.
 // This implementation relies on the attacher's device mount path and does a bind mount to dir.
-func (f *mounterDefaults) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (f *mounterDefaults) SetUpAt(dir string, fsGroup *int64) error {
 	glog.Warning(logPrefix(f.plugin), "using default SetUpAt to ", dir)
 	a, err := f.plugin.NewAttacher()
--- a/pkg/volume/flexvolume/mounter.go
+++ b/pkg/volume/flexvolume/mounter.go
@ -19,7 +19,6 @@ package flexvolume
 import (
 	"strconv"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/kubernetes/pkg/util/exec"
 	"k8s.io/kubernetes/pkg/util/mount"
 	"k8s.io/kubernetes/pkg/volume"
@ -44,12 +43,12 @@ var _ volume.Mounter = &flexVolumeMounter{}
 // Mounter interface
 // SetUp creates new directory.
-func (f *flexVolumeMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (f *flexVolumeMounter) SetUp(fsGroup *int64) error {
 	return f.SetUpAt(f.GetPath(), fsGroup)
 }
 // SetUpAt creates new directory.
-func (f *flexVolumeMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (f *flexVolumeMounter) SetUpAt(dir string, fsGroup *int64) error {
 	// Mount only once.
 	alreadyMounted, err := prepareForMount(f.mounter, dir)
 	if err != nil {
--- a/pkg/volume/flexvolume/mounter_test.go
+++ b/pkg/volume/flexvolume/mounter_test.go
@ -67,6 +67,6 @@ func TestSetUpAt(t *testing.T) {
 	m, _ := plugin.newMounterInternal(spec, pod, mounter, plugin.runner)
 	m.SetUpAt(rootDir+"/mount-dir", nil)
-	fsGroup := types.UnixGroupID(42)
+	fsGroup := int64(42)
 	m.SetUpAt(rootDir+"/mount-dir", &fsGroup)
 }
--- a/pkg/volume/flocker/flocker.go
+++ b/pkg/volume/flocker/flocker.go
@ -232,7 +232,7 @@ func (b *flockerVolumeMounter) GetPath() string {
 }
 // SetUp bind mounts the disk global mount to the volume path.
-func (b *flockerVolumeMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (b *flockerVolumeMounter) SetUp(fsGroup *int64) error {
 	return b.SetUpAt(b.GetPath(), fsGroup)
 }
@ -274,7 +274,7 @@ control service:
   need to update the Primary UUID for this volume.
 5. Wait until the Primary UUID was updated or timeout.
 */
-func (b *flockerVolumeMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (b *flockerVolumeMounter) SetUpAt(dir string, fsGroup *int64) error {
 	var err error
 	if b.flockerClient == nil {
 		b.flockerClient, err = b.newFlockerClient()
--- a/pkg/volume/gce_pd/gce_pd.go
+++ b/pkg/volume/gce_pd/gce_pd.go
@ -257,12 +257,12 @@ func (b *gcePersistentDiskMounter) CanMount() error {
 }
 // SetUp bind mounts the disk global mount to the volume path.
-func (b *gcePersistentDiskMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (b *gcePersistentDiskMounter) SetUp(fsGroup *int64) error {
 	return b.SetUpAt(b.GetPath(), fsGroup)
 }
 // SetUp bind mounts the disk global mount to the give volume path.
-func (b *gcePersistentDiskMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (b *gcePersistentDiskMounter) SetUpAt(dir string, fsGroup *int64) error {
 	// TODO: handle failed mounts here.
 	notMnt, err := b.mounter.IsLikelyNotMountPoint(dir)
 	glog.V(4).Infof("GCE PersistentDisk set up: Dir (%s) PD name (%q) Mounted (%t) Error (%v), ReadOnly (%t)", dir, b.pdName, !notMnt, err, b.readOnly)
--- a/pkg/volume/git_repo/git_repo.go
+++ b/pkg/volume/git_repo/git_repo.go
@ -171,12 +171,12 @@ func (b *gitRepoVolumeMounter) CanMount() error {
 }
 // SetUp creates new directory and clones a git repo.
-func (b *gitRepoVolumeMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (b *gitRepoVolumeMounter) SetUp(fsGroup *int64) error {
 	return b.SetUpAt(b.GetPath(), fsGroup)
 }
 // SetUpAt creates new directory and clones a git repo.
-func (b *gitRepoVolumeMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (b *gitRepoVolumeMounter) SetUpAt(dir string, fsGroup *int64) error {
 	if volumeutil.IsReady(b.getMetaDir()) {
 		return nil
 	}
--- a/pkg/volume/glusterfs/glusterfs.go
+++ b/pkg/volume/glusterfs/glusterfs.go
@ -252,11 +252,11 @@ func (b *glusterfsMounter) CanMount() error {
 }
 // SetUp attaches the disk and bind mounts to the volume path.
-func (b *glusterfsMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (b *glusterfsMounter) SetUp(fsGroup *int64) error {
 	return b.SetUpAt(b.GetPath(), fsGroup)
 }
-func (b *glusterfsMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (b *glusterfsMounter) SetUpAt(dir string, fsGroup *int64) error {
 	notMnt, err := b.mounter.IsLikelyNotMountPoint(dir)
 	glog.V(4).Infof("glusterfs: mount set up: %s %v %v", dir, !notMnt, err)
 	if err != nil && !os.IsNotExist(err) {
--- a/pkg/volume/host_path/host_path.go
+++ b/pkg/volume/host_path/host_path.go
@ -206,7 +206,7 @@ func (b *hostPathMounter) CanMount() error {
 }
 // SetUp does nothing.
-func (b *hostPathMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (b *hostPathMounter) SetUp(fsGroup *int64) error {
 	err := validation.ValidatePathNoBacksteps(b.GetPath())
 	if err != nil {
 		return fmt.Errorf("invalid HostPath `%s`: %v", b.GetPath(), err)
@ -215,7 +215,7 @@ func (b *hostPathMounter) SetUp(fsGroup *types.UnixGroupID) error {
 }
 // SetUpAt does not make sense for host paths - probably programmer error.
-func (b *hostPathMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (b *hostPathMounter) SetUpAt(dir string, fsGroup *int64) error {
 	return fmt.Errorf("SetUpAt() does not make sense for host paths")
 }
--- a/pkg/volume/iscsi/disk_manager.go
+++ b/pkg/volume/iscsi/disk_manager.go
@ -20,7 +20,6 @@ import (
 	"os"
 	"github.com/golang/glog"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/kubernetes/pkg/util/mount"
 	"k8s.io/kubernetes/pkg/volume"
 )
@ -35,7 +34,7 @@ type diskManager interface {
 }
 // utility to mount a disk based filesystem
-func diskSetUp(manager diskManager, b iscsiDiskMounter, volPath string, mounter mount.Interface, fsGroup *types.UnixGroupID) error {
+func diskSetUp(manager diskManager, b iscsiDiskMounter, volPath string, mounter mount.Interface, fsGroup *int64) error {
 	globalPDPath := manager.MakeGlobalPDName(*b.iscsiDisk)
 	// TODO: handle failed mounts here.
 	notMnt, err := mounter.IsLikelyNotMountPoint(volPath)
--- a/pkg/volume/iscsi/iscsi.go
+++ b/pkg/volume/iscsi/iscsi.go
@ -236,11 +236,11 @@ func (b *iscsiDiskMounter) CanMount() error {
 	return nil
 }
-func (b *iscsiDiskMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (b *iscsiDiskMounter) SetUp(fsGroup *int64) error {
 	return b.SetUpAt(b.GetPath(), fsGroup)
 }
-func (b *iscsiDiskMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (b *iscsiDiskMounter) SetUpAt(dir string, fsGroup *int64) error {
 	// diskSetUp checks mountpoints and prevent repeated calls
 	err := diskSetUp(b.manager, *b, dir, b.mounter, fsGroup)
 	if err != nil {
--- a/pkg/volume/local/local.go
+++ b/pkg/volume/local/local.go
@ -181,12 +181,12 @@ func (m *localVolumeMounter) CanMount() error {
 }
 // SetUp bind mounts the directory to the volume path
-func (m *localVolumeMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (m *localVolumeMounter) SetUp(fsGroup *int64) error {
 	return m.SetUpAt(m.GetPath(), fsGroup)
 }
 // SetUpAt bind mounts the directory to the volume path and sets up volume ownership
-func (m *localVolumeMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (m *localVolumeMounter) SetUpAt(dir string, fsGroup *int64) error {
 	if m.globalPath == "" {
 		err := fmt.Errorf("LocalVolume volume %q path is empty", m.volName)
 		return err
--- a/pkg/volume/nfs/nfs.go
+++ b/pkg/volume/nfs/nfs.go
@ -229,11 +229,11 @@ func (b *nfsMounter) GetAttributes() volume.Attributes {
 }
 // SetUp attaches the disk and bind mounts to the volume path.
-func (b *nfsMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (b *nfsMounter) SetUp(fsGroup *int64) error {
 	return b.SetUpAt(b.GetPath(), fsGroup)
 }
-func (b *nfsMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (b *nfsMounter) SetUpAt(dir string, fsGroup *int64) error {
 	notMnt, err := b.mounter.IsLikelyNotMountPoint(dir)
 	glog.V(4).Infof("NFS mount set up: %s %v %v", dir, !notMnt, err)
 	if err != nil && !os.IsNotExist(err) {
--- a/pkg/volume/photon_pd/photon_pd.go
+++ b/pkg/volume/photon_pd/photon_pd.go
@ -195,12 +195,12 @@ func (b *photonPersistentDiskMounter) CanMount() error {
 }
 // SetUp attaches the disk and bind mounts to the volume path.
-func (b *photonPersistentDiskMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (b *photonPersistentDiskMounter) SetUp(fsGroup *int64) error {
 	return b.SetUpAt(b.GetPath(), fsGroup)
 }
 // SetUp attaches the disk and bind mounts to the volume path.
-func (b *photonPersistentDiskMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (b *photonPersistentDiskMounter) SetUpAt(dir string, fsGroup *int64) error {
 	glog.V(4).Infof("Photon Persistent Disk setup %s to %s", b.pdID, dir)
 	// TODO: handle failed mounts here.
--- a/pkg/volume/portworx/portworx.go
+++ b/pkg/volume/portworx/portworx.go
@ -259,12 +259,12 @@ func (b *portworxVolumeMounter) CanMount() error {
 }
 // SetUp attaches the disk and bind mounts to the volume path.
-func (b *portworxVolumeMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (b *portworxVolumeMounter) SetUp(fsGroup *int64) error {
 	return b.SetUpAt(b.GetPath(), fsGroup)
 }
 // SetUpAt attaches the disk and bind mounts to the volume path.
-func (b *portworxVolumeMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (b *portworxVolumeMounter) SetUpAt(dir string, fsGroup *int64) error {
 	notMnt, err := b.mounter.IsLikelyNotMountPoint(dir)
 	glog.V(4).Infof("Portworx Volume set up: %s %v %v", dir, !notMnt, err)
 	if err != nil && !os.IsNotExist(err) {
--- a/pkg/volume/projected/projected.go
+++ b/pkg/volume/projected/projected.go
@ -177,11 +177,11 @@ func (s *projectedVolumeMounter) CanMount() error {
 	return nil
 }
-func (s *projectedVolumeMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (s *projectedVolumeMounter) SetUp(fsGroup *int64) error {
 	return s.SetUpAt(s.GetPath(), fsGroup)
 }
-func (s *projectedVolumeMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (s *projectedVolumeMounter) SetUpAt(dir string, fsGroup *int64) error {
 	glog.V(3).Infof("Setting up volume %v for pod %v at %v", s.volName, s.pod.UID, dir)
 	wrapped, err := s.plugin.host.NewWrapperMounter(s.volName, wrappedVolumeSpec(), s.pod, *s.opts)
--- a/pkg/volume/quobyte/quobyte.go
+++ b/pkg/volume/quobyte/quobyte.go
@ -234,12 +234,12 @@ func (mounter *quobyteMounter) CanMount() error {
 }
 // SetUp attaches the disk and bind mounts to the volume path.
-func (mounter *quobyteMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (mounter *quobyteMounter) SetUp(fsGroup *int64) error {
 	pluginDir := mounter.plugin.host.GetPluginDir(strings.EscapeQualifiedNameForDisk(quobytePluginName))
 	return mounter.SetUpAt(pluginDir, fsGroup)
 }
-func (mounter *quobyteMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (mounter *quobyteMounter) SetUpAt(dir string, fsGroup *int64) error {
 	// Check if Quobyte is already mounted on the host in the Plugin Dir
 	// if so we can use this mountpoint instead of creating a new one
 	// IsLikelyNotMountPoint wouldn't check the mount type
--- a/pkg/volume/rbd/disk_manager.go
+++ b/pkg/volume/rbd/disk_manager.go
@ -26,7 +26,6 @@ import (
 	"os"
 	"github.com/golang/glog"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/kubernetes/pkg/api/v1"
 	"k8s.io/kubernetes/pkg/util/mount"
 	"k8s.io/kubernetes/pkg/volume"
@ -46,7 +45,7 @@ type diskManager interface {
 }
 // utility to mount a disk based filesystem
-func diskSetUp(manager diskManager, b rbdMounter, volPath string, mounter mount.Interface, fsGroup *types.UnixGroupID) error {
+func diskSetUp(manager diskManager, b rbdMounter, volPath string, mounter mount.Interface, fsGroup *int64) error {
 	globalPDPath := manager.MakeGlobalPDName(*b.rbd)
 	// TODO: handle failed mounts here.
 	notMnt, err := mounter.IsLikelyNotMountPoint(volPath)
--- a/pkg/volume/rbd/rbd.go
+++ b/pkg/volume/rbd/rbd.go
@ -403,11 +403,11 @@ func (b *rbdMounter) CanMount() error {
 	return nil
 }
-func (b *rbdMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (b *rbdMounter) SetUp(fsGroup *int64) error {
 	return b.SetUpAt(b.GetPath(), fsGroup)
 }
-func (b *rbdMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (b *rbdMounter) SetUpAt(dir string, fsGroup *int64) error {
 	// diskSetUp checks mountpoints and prevent repeated calls
 	glog.V(4).Infof("rbd: attempting to SetUp and mount %s", dir)
 	err := diskSetUp(b.manager, *b, dir, b.mounter, fsGroup)
--- a/pkg/volume/scaleio/sio_volume.go
+++ b/pkg/volume/scaleio/sio_volume.go
@ -79,12 +79,12 @@ func (v *sioVolume) CanMount() error {
 	return nil
 }
-func (v *sioVolume) SetUp(fsGroup *types.UnixGroupID) error {
+func (v *sioVolume) SetUp(fsGroup *int64) error {
 	return v.SetUpAt(v.GetPath(), fsGroup)
 }
 // SetUp bind mounts the disk global mount to the volume path.
-func (v *sioVolume) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (v *sioVolume) SetUpAt(dir string, fsGroup *int64) error {
 	v.plugin.volumeMtx.LockKey(v.volSpecName)
 	defer v.plugin.volumeMtx.UnlockKey(v.volSpecName)
--- a/pkg/volume/secret/secret.go
+++ b/pkg/volume/secret/secret.go
@ -178,11 +178,11 @@ func (b *secretVolumeMounter) CanMount() error {
 	return nil
 }
-func (b *secretVolumeMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (b *secretVolumeMounter) SetUp(fsGroup *int64) error {
 	return b.SetUpAt(b.GetPath(), fsGroup)
 }
-func (b *secretVolumeMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (b *secretVolumeMounter) SetUpAt(dir string, fsGroup *int64) error {
 	glog.V(3).Infof("Setting up volume %v for pod %v at %v", b.volName, b.pod.UID, dir)
 	// Wrap EmptyDir, let it do the setup.
--- a/pkg/volume/storageos/storageos.go
+++ b/pkg/volume/storageos/storageos.go
@ -333,7 +333,7 @@ func (b *storageosMounter) CanMount() error {
 }
 // SetUp attaches the disk and bind mounts to the volume path.
-func (b *storageosMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (b *storageosMounter) SetUp(fsGroup *int64) error {
 	// Need a namespace to find the volume, try pod's namespace if not set.
 	if b.volNamespace == "" {
 		glog.V(2).Infof("Setting StorageOS volume namespace to pod namespace: %s", b.podNamespace)
@ -360,7 +360,7 @@ func (b *storageosMounter) SetUp(fsGroup *types.UnixGroupID) error {
 }
 // SetUp bind mounts the disk global mount to the give volume path.
-func (b *storageosMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (b *storageosMounter) SetUpAt(dir string, fsGroup *int64) error {
 	notMnt, err := b.mounter.IsLikelyNotMountPoint(dir)
 	glog.V(4).Infof("StorageOS volume set up: %s %v %v", dir, !notMnt, err)
 	if err != nil && !os.IsNotExist(err) {
--- a/pkg/volume/testing/testing.go
+++ b/pkg/volume/testing/testing.go
@ -354,7 +354,7 @@ func (fv *FakeVolume) CanMount() error {
 	return nil
 }
-func (fv *FakeVolume) SetUp(fsGroup *types.UnixGroupID) error {
+func (fv *FakeVolume) SetUp(fsGroup *int64) error {
 	fv.Lock()
 	defer fv.Unlock()
 	fv.SetUpCallCount++
@ -367,7 +367,7 @@ func (fv *FakeVolume) GetSetUpCallCount() int {
 	return fv.SetUpCallCount
 }
-func (fv *FakeVolume) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (fv *FakeVolume) SetUpAt(dir string, fsGroup *int64) error {
 	return os.MkdirAll(dir, 0750)
 }
--- a/pkg/volume/util/operationexecutor/operation_generator.go
+++ b/pkg/volume/util/operationexecutor/operation_generator.go
@ -392,7 +392,7 @@ func (og *operationGenerator) GenerateMountVolumeFunc(
 		volumeAttacher, _ = attachableVolumePlugin.NewAttacher()
 	}
-	var fsGroup *types.UnixGroupID
+	var fsGroup *int64
 	if volumeToMount.Pod.Spec.SecurityContext != nil &&
 		volumeToMount.Pod.Spec.SecurityContext.FSGroup != nil {
 		fsGroup = volumeToMount.Pod.Spec.SecurityContext.FSGroup
--- a/pkg/volume/volume.go
+++ b/pkg/volume/volume.go
@ -109,14 +109,14 @@ type Mounter interface {
 	// content should be owned by 'fsGroup' so that it can be
 	// accessed by the pod. This may be called more than once, so
 	// implementations must be idempotent.
-	SetUp(fsGroup *types.UnixGroupID) error
+	SetUp(fsGroup *int64) error
 	// SetUpAt prepares and mounts/unpacks the volume to the
 	// specified directory path, which may or may not exist yet.
 	// The mount point and its content should be owned by
 	// 'fsGroup' so that it can be accessed by the pod. This may
 	// be called more than once, so implementations must be
 	// idempotent.
-	SetUpAt(dir string, fsGroup *types.UnixGroupID) error
+	SetUpAt(dir string, fsGroup *int64) error
 	// GetAttributes returns the attributes of the mounter.
 	GetAttributes() Attributes
 }
--- a/pkg/volume/volume_linux.go
+++ b/pkg/volume/volume_linux.go
@ -24,8 +24,6 @@ import (
 	"os"
 	"k8s.io/apimachinery/pkg/types"
 	"github.com/golang/glog"
 )
@ -37,7 +35,7 @@ const (
 // SetVolumeOwnership modifies the given volume to be owned by
 // fsGroup, and sets SetGid so that newly created files are owned by
 // fsGroup. If fsGroup is nil nothing is done.
-func SetVolumeOwnership(mounter Mounter, fsGroup *types.UnixGroupID) error {
+func SetVolumeOwnership(mounter Mounter, fsGroup *int64) error {
 	if fsGroup == nil {
 		return nil
--- a/pkg/volume/volume_unsupported.go
+++ b/pkg/volume/volume_unsupported.go
@ -18,8 +18,6 @@ limitations under the License.
 package volume
-import "k8s.io/apimachinery/pkg/types"
+func SetVolumeOwnership(mounter Mounter, fsGroup *int64) error {
 func SetVolumeOwnership(mounter Mounter, fsGroup *types.UnixGroupID) error {
 	return nil
 }
--- a/pkg/volume/vsphere_volume/vsphere_volume.go
+++ b/pkg/volume/vsphere_volume/vsphere_volume.go
@ -194,7 +194,7 @@ func (b *vsphereVolumeMounter) GetAttributes() volume.Attributes {
 }
 // SetUp attaches the disk and bind mounts to the volume path.
-func (b *vsphereVolumeMounter) SetUp(fsGroup *types.UnixGroupID) error {
+func (b *vsphereVolumeMounter) SetUp(fsGroup *int64) error {
 	return b.SetUpAt(b.GetPath(), fsGroup)
 }
@ -206,7 +206,7 @@ func (b *vsphereVolumeMounter) CanMount() error {
 }
 // SetUp attaches the disk and bind mounts to the volume path.
-func (b *vsphereVolumeMounter) SetUpAt(dir string, fsGroup *types.UnixGroupID) error {
+func (b *vsphereVolumeMounter) SetUpAt(dir string, fsGroup *int64) error {
 	glog.V(5).Infof("vSphere volume setup %s to %s", b.volPath, dir)
 	// TODO: handle failed mounts here.
--- a/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go
+++ b/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go
@ -25,7 +25,6 @@ import (
 	"github.com/stretchr/testify/assert"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/diff"
 	"k8s.io/apimachinery/pkg/util/sets"
 	kadmission "k8s.io/apiserver/pkg/admission"
@ -835,7 +834,7 @@ func TestAdmitRunAsUser(t *testing.T) {
 		// doesn't matter if we set it here or on the container, the
 		// admission controller uses DetermineEffectiveSC to get the defaulting
 		// behavior so it can validate what will be applied at runtime
-		userID := types.UnixUserID(user)
+		userID := int64(user)
 		pod.Spec.SecurityContext.RunAsUser = &userID
 		return pod
 	}
@ -855,7 +854,7 @@ func TestAdmitRunAsUser(t *testing.T) {
 		pod               *kapi.Pod
 		psps              []*extensions.PodSecurityPolicy
 		shouldPass        bool
-		expectedRunAsUser *types.UnixUserID
+		expectedRunAsUser *int64
 		expectedPSP       string
 	}{
 		"runAsAny no pod request": {
@ -941,8 +940,8 @@ func TestAdmitSupplementalGroups(t *testing.T) {
 		// doesn't matter if we set it here or on the container, the
 		// admission controller uses DetermineEffectiveSC to get the defaulting
 		// behavior so it can validate what will be applied at runtime
-		groupID := types.UnixGroupID(group)
+		groupID := int64(group)
-		pod.Spec.SecurityContext.SupplementalGroups = []types.UnixGroupID{groupID}
+		pod.Spec.SecurityContext.SupplementalGroups = []int64{groupID}
 		return pod
 	}
@ -957,28 +956,28 @@ func TestAdmitSupplementalGroups(t *testing.T) {
 		pod               *kapi.Pod
 		psps              []*extensions.PodSecurityPolicy
 		shouldPass        bool
-		expectedSupGroups []types.UnixGroupID
+		expectedSupGroups []int64
 		expectedPSP       string
 	}{
 		"runAsAny no pod request": {
 			pod:               goodPod(),
 			psps:              []*extensions.PodSecurityPolicy{runAsAny},
 			shouldPass:        true,
-			expectedSupGroups: []types.UnixGroupID{},
+			expectedSupGroups: []int64{},
 			expectedPSP:       runAsAny.Name,
 		},
 		"runAsAny pod request": {
 			pod:               createPodWithSupGroup(1),
 			psps:              []*extensions.PodSecurityPolicy{runAsAny},
 			shouldPass:        true,
-			expectedSupGroups: []types.UnixGroupID{1},
+			expectedSupGroups: []int64{1},
 			expectedPSP:       runAsAny.Name,
 		},
 		"mustRunAs no pod request": {
 			pod:               goodPod(),
 			psps:              []*extensions.PodSecurityPolicy{mustRunAs},
 			shouldPass:        true,
-			expectedSupGroups: []types.UnixGroupID{mustRunAs.Spec.SupplementalGroups.Ranges[0].Min},
+			expectedSupGroups: []int64{mustRunAs.Spec.SupplementalGroups.Ranges[0].Min},
 			expectedPSP:       mustRunAs.Name,
 		},
 		"mustRunAs bad pod request": {
@ -990,7 +989,7 @@ func TestAdmitSupplementalGroups(t *testing.T) {
 			pod:               createPodWithSupGroup(999),
 			psps:              []*extensions.PodSecurityPolicy{mustRunAs},
 			shouldPass:        true,
-			expectedSupGroups: []types.UnixGroupID{999},
+			expectedSupGroups: []int64{999},
 			expectedPSP:       mustRunAs.Name,
 		},
 	}
@ -1035,7 +1034,7 @@ func TestAdmitFSGroup(t *testing.T) {
 		pod             *kapi.Pod
 		psps            []*extensions.PodSecurityPolicy
 		shouldPass      bool
-		expectedFSGroup *types.UnixGroupID
+		expectedFSGroup *int64
 		expectedPSP     string
 	}{
 		"runAsAny no pod request": {
@ -1711,7 +1710,7 @@ func restrictivePSP() *extensions.PodSecurityPolicy {
 			RunAsUser: extensions.RunAsUserStrategyOptions{
 				Rule: extensions.RunAsUserStrategyMustRunAs,
 				Ranges: []extensions.UserIDRange{
-					{Min: types.UnixUserID(999), Max: types.UnixUserID(999)},
+					{Min: int64(999), Max: int64(999)},
 				},
 			},
 			SELinux: extensions.SELinuxStrategyOptions{
@ -1723,13 +1722,13 @@ func restrictivePSP() *extensions.PodSecurityPolicy {
 			FSGroup: extensions.FSGroupStrategyOptions{
 				Rule: extensions.FSGroupStrategyMustRunAs,
 				Ranges: []extensions.GroupIDRange{
-					{Min: types.UnixGroupID(999), Max: types.UnixGroupID(999)},
+					{Min: int64(999), Max: int64(999)},
 				},
 			},
 			SupplementalGroups: extensions.SupplementalGroupsStrategyOptions{
 				Rule: extensions.SupplementalGroupsStrategyMustRunAs,
 				Ranges: []extensions.GroupIDRange{
-					{Min: types.UnixGroupID(999), Max: types.UnixGroupID(999)},
+					{Min: int64(999), Max: int64(999)},
 				},
 			},
 		},
@ -1774,12 +1773,12 @@ func goodPod() *kapi.Pod {
 	}
 }
-func userIDPtr(i int) *types.UnixUserID {
+func userIDPtr(i int) *int64 {
-	userID := types.UnixUserID(i)
+	userID := int64(i)
 	return &userID
 }
-func groupIDPtr(i int) *types.UnixGroupID {
+func groupIDPtr(i int) *int64 {
-	groupID := types.UnixGroupID(i)
+	groupID := int64(i)
 	return &groupID
 }
--- a/plugin/pkg/admission/securitycontext/scdeny/admission_test.go
+++ b/plugin/pkg/admission/securitycontext/scdeny/admission_test.go
@ -19,7 +19,6 @@ package scdeny
 import (
 	"testing"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apiserver/pkg/admission"
 	"k8s.io/kubernetes/pkg/api"
 )
@ -28,7 +27,7 @@ import (
 func TestAdmission(t *testing.T) {
 	handler := NewSecurityContextDeny()
-	runAsUser := types.UnixUserID(1)
+	runAsUser := int64(1)
 	priv := true
 	cases := []struct {
@ -116,7 +115,7 @@ func TestPodSecurityContextAdmission(t *testing.T) {
 		},
 	}
-	fsGroup := types.UnixGroupID(1001)
+	fsGroup := int64(1001)
 	tests := []struct {
 		securityContext api.PodSecurityContext
@ -128,7 +127,7 @@ func TestPodSecurityContextAdmission(t *testing.T) {
 		},
 		{
 			securityContext: api.PodSecurityContext{
-				SupplementalGroups: []types.UnixGroupID{types.UnixGroupID(1234)},
+				SupplementalGroups: []int64{int64(1234)},
 			},
 			errorExpected: true,
 		},
--- a/staging/src/k8s.io/apimachinery/pkg/types/unix_user_id.go
+++ b/staging/src/k8s.io/apimachinery/pkg/types/unix_user_id.go
@ -1,23 +0,0 @@
 /*
 Copyright 2016 The Kubernetes Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package types
 // int64 is used as a safe bet against wrap-around (uid's are general
 // int32) and to support uid_t -1, and -2.
 type UnixUserID int64
 type UnixGroupID int64
--- a/staging/src/k8s.io/apimachinery/pkg/util/validation/validation.go
+++ b/staging/src/k8s.io/apimachinery/pkg/util/validation/validation.go
@ -22,8 +22,6 @@ import (
 	"net"
 	"regexp"
 	"strings"
 	"k8s.io/apimachinery/pkg/types"
 )
 const qnameCharFmt string = "[A-Za-z0-9]"
@ -200,7 +198,7 @@ const (
 )
 // IsValidGroupID tests that the argument is a valid Unix GID.
-func IsValidGroupID(gid types.UnixGroupID) []string {
+func IsValidGroupID(gid int64) []string {
 	if minGroupID <= gid && gid <= maxGroupID {
 		return nil
 	}
@ -208,7 +206,7 @@ func IsValidGroupID(gid types.UnixGroupID) []string {
 }
 // IsValidUserID tests that the argument is a valid Unix UID.
-func IsValidUserID(uid types.UnixUserID) []string {
+func IsValidUserID(uid int64) []string {
 	if minUserID <= uid && uid <= maxUserID {
 		return nil
 	}
--- a/staging/src/k8s.io/apimachinery/pkg/util/validation/validation_test.go
+++ b/staging/src/k8s.io/apimachinery/pkg/util/validation/validation_test.go
@ -19,8 +19,6 @@ package validation
 import (
 	"strings"
 	"testing"
 	"k8s.io/apimachinery/pkg/types"
 )
 func TestIsDNS1123Label(t *testing.T) {
@ -156,18 +154,18 @@ func TestIsValidPortNum(t *testing.T) {
 	}
 }
-func createGroupIDs(ids ...int64) []types.UnixGroupID {
+func createGroupIDs(ids ...int64) []int64 {
-	var output []types.UnixGroupID
+	var output []int64
 	for _, id := range ids {
-		output = append(output, types.UnixGroupID(id))
+		output = append(output, int64(id))
 	}
 	return output
 }
-func createUserIDs(ids ...int64) []types.UnixUserID {
+func createUserIDs(ids ...int64) []int64 {
-	var output []types.UnixUserID
+	var output []int64
 	for _, id := range ids {
-		output = append(output, types.UnixUserID(id))
+		output = append(output, int64(id))
 	}
 	return output
 }
--- a/staging/src/k8s.io/client-go/pkg/api/types.go
+++ b/staging/src/k8s.io/client-go/pkg/api/types.go
@ -2263,7 +2263,7 @@ type PodSecurityContext struct {
 	// PodSecurityContext, the value specified in SecurityContext takes precedence
 	// for that container.
 	// +optional
-	RunAsUser *types.UnixUserID
+	RunAsUser *int64
 	// Indicates that the container must run as a non-root user.
 	// If true, the Kubelet will validate the image at runtime to ensure that it
 	// does not run as UID 0 (root) and fail to start the container if it does.
@ -2276,7 +2276,7 @@ type PodSecurityContext struct {
 	// to the container's primary GID.  If unspecified, no groups will be added to
 	// any container.
 	// +optional
-	SupplementalGroups []types.UnixGroupID
+	SupplementalGroups []int64
 	// A special supplemental group that applies to all containers in a pod.
 	// Some volume types allow the Kubelet to change the ownership of that volume
 	// to be owned by the pod:
@ -2287,7 +2287,7 @@ type PodSecurityContext struct {
 	//
 	// If unset, the Kubelet will not modify the ownership and permissions of any volume.
 	// +optional
-	FSGroup *types.UnixGroupID
+	FSGroup *int64
 }
 // PodQOSClass defines the supported qos classes of Pods.
@ -3924,7 +3924,7 @@ type SecurityContext struct {
 	// May also be set in PodSecurityContext.  If set in both SecurityContext and
 	// PodSecurityContext, the value specified in SecurityContext takes precedence.
 	// +optional
-	RunAsUser *types.UnixUserID
+	RunAsUser *int64
 	// Indicates that the container must run as a non-root user.
 	// If true, the Kubelet will validate the image at runtime to ensure that it
 	// does not run as UID 0 (root) and fail to start the container if it does.
--- a/staging/src/k8s.io/client-go/pkg/api/v1/types.go
+++ b/staging/src/k8s.io/client-go/pkg/api/v1/types.go
@ -2548,7 +2548,7 @@ type PodSecurityContext struct {
 	// PodSecurityContext, the value specified in SecurityContext takes precedence
 	// for that container.
 	// +optional
-	RunAsUser *types.UnixUserID `json:"runAsUser,omitempty" protobuf:"varint,2,opt,name=runAsUser,casttype=k8s.io/apimachinery/pkg/types.UnixUserID"`
+	RunAsUser *int64 `json:"runAsUser,omitempty" protobuf:"varint,2,opt,name=runAsUser"`
 	// Indicates that the container must run as a non-root user.
 	// If true, the Kubelet will validate the image at runtime to ensure that it
 	// does not run as UID 0 (root) and fail to start the container if it does.
@ -2561,7 +2561,7 @@ type PodSecurityContext struct {
 	// to the container's primary GID.  If unspecified, no groups will be added to
 	// any container.
 	// +optional
-	SupplementalGroups []types.UnixGroupID `json:"supplementalGroups,omitempty" protobuf:"varint,4,rep,name=supplementalGroups,casttype=k8s.io/apimachinery/pkg/types.UnixGroupID"`
+	SupplementalGroups []int64 `json:"supplementalGroups,omitempty" protobuf:"varint,4,rep,name=supplementalGroups"`
 	// A special supplemental group that applies to all containers in a pod.
 	// Some volume types allow the Kubelet to change the ownership of that volume
 	// to be owned by the pod:
@ -2572,7 +2572,7 @@ type PodSecurityContext struct {
 	//
 	// If unset, the Kubelet will not modify the ownership and permissions of any volume.
 	// +optional
-	FSGroup *types.UnixGroupID `json:"fsGroup,omitempty" protobuf:"varint,5,opt,name=fsGroup,casttype=k8s.io/apimachinery/pkg/types.UnixGroupID"`
+	FSGroup *int64 `json:"fsGroup,omitempty" protobuf:"varint,5,opt,name=fsGroup"`
 }
 // PodQOSClass defines the supported qos classes of Pods.
@ -4511,7 +4511,7 @@ type SecurityContext struct {
 	// May also be set in PodSecurityContext.  If set in both SecurityContext and
 	// PodSecurityContext, the value specified in SecurityContext takes precedence.
 	// +optional
-	RunAsUser *types.UnixUserID `json:"runAsUser,omitempty" protobuf:"varint,4,opt,name=runAsUser,casttype=k8s.io/apimachinery/pkg/types.UnixUserID"`
+	RunAsUser *int64 `json:"runAsUser,omitempty" protobuf:"varint,4,opt,name=runAsUser"`
 	// Indicates that the container must run as a non-root user.
 	// If true, the Kubelet will validate the image at runtime to ensure that it
 	// does not run as UID 0 (root) and fail to start the container if it does.
--- a/staging/src/k8s.io/client-go/pkg/apis/extensions/types.go
+++ b/staging/src/k8s.io/client-go/pkg/apis/extensions/types.go
@ -31,7 +31,6 @@ package extensions
 import (
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/client-go/pkg/api"
 )
@ -980,17 +979,17 @@ type RunAsUserStrategyOptions struct {
 // UserIDRange provides a min/max of an allowed range of UserIDs.
 type UserIDRange struct {
 	// Min is the start of the range, inclusive.
-	Min types.UnixUserID
+	Min int64
 	// Max is the end of the range, inclusive.
-	Max types.UnixUserID
+	Max int64
 }
 // GroupIDRange provides a min/max of an allowed range of GroupIDs.
 type GroupIDRange struct {
 	// Min is the start of the range, inclusive.
-	Min types.UnixGroupID
+	Min int64
 	// Max is the end of the range, inclusive.
-	Max types.UnixGroupID
+	Max int64
 }
 // RunAsUserStrategy denotes strategy types for generating RunAsUser values for a
--- a/test/e2e/common/configmap.go
+++ b/test/e2e/common/configmap.go
@ -25,7 +25,6 @@ import (
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/uuid"
 	"k8s.io/kubernetes/pkg/api/v1"
 	"k8s.io/kubernetes/test/e2e/framework"
@ -523,8 +522,8 @@ func newEnvFromConfigMap(f *framework.Framework, name string) *v1.ConfigMap {
 }
 func doConfigMapE2EWithoutMappings(f *framework.Framework, uid, fsGroup int64, defaultMode *int32) {
-	userID := types.UnixUserID(uid)
+	userID := int64(uid)
-	groupID := types.UnixGroupID(fsGroup)
+	groupID := int64(fsGroup)
 	var (
 		name            = "configmap-test-volume-" + string(uuid.NewUUID())
@ -602,8 +601,8 @@ func doConfigMapE2EWithoutMappings(f *framework.Framework, uid, fsGroup int64, d
 }
 func doConfigMapE2EWithMappings(f *framework.Framework, uid, fsGroup int64, itemMode *int32) {
-	userID := types.UnixUserID(uid)
+	userID := int64(uid)
-	groupID := types.UnixGroupID(fsGroup)
+	groupID := int64(fsGroup)
 	var (
 		name            = "configmap-test-volume-map-" + string(uuid.NewUUID())
--- a/test/e2e/common/downwardapi_volume.go
+++ b/test/e2e/common/downwardapi_volume.go
@ -28,7 +28,6 @@ import (
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 	"k8s.io/apimachinery/pkg/types"
 )
 var _ = framework.KubeDescribe("Downward API volume", func() {
@ -71,8 +70,8 @@ var _ = framework.KubeDescribe("Downward API volume", func() {
 	It("should provide podname as non-root with fsgroup [Feature:FSGroup] [Volume]", func() {
 		podName := "metadata-volume-" + string(uuid.NewUUID())
-		uid := types.UnixUserID(1001)
+		uid := int64(1001)
-		gid := types.UnixGroupID(1234)
+		gid := int64(1234)
 		pod := downwardAPIVolumePodForSimpleTest(podName, "/etc/podname")
 		pod.Spec.SecurityContext = &v1.PodSecurityContext{
 			RunAsUser: &uid,
@ -85,8 +84,8 @@ var _ = framework.KubeDescribe("Downward API volume", func() {
 	It("should provide podname as non-root with fsgroup and defaultMode [Feature:FSGroup] [Volume]", func() {
 		podName := "metadata-volume-" + string(uuid.NewUUID())
-		uid := types.UnixUserID(1001)
+		uid := int64(1001)
-		gid := types.UnixGroupID(1234)
+		gid := int64(1234)
 		mode := int32(0440) /* setting fsGroup sets mode to at least 440 */
 		pod := downwardAPIVolumePodForModeTest(podName, "/etc/podname", &mode, nil)
 		pod.Spec.SecurityContext = &v1.PodSecurityContext{
--- a/test/e2e/common/empty_dir.go
+++ b/test/e2e/common/empty_dir.go
@ -27,7 +27,6 @@ import (
 	"k8s.io/kubernetes/test/e2e/framework"
 	. "github.com/onsi/ginkgo"
 	"k8s.io/apimachinery/pkg/types"
 )
 const (
@ -142,7 +141,7 @@ func doTestSetgidFSGroup(f *framework.Framework, image string, medium v1.Storage
 		fmt.Sprintf("--file_owner=%v", filePath),
 	}
-	fsGroup := types.UnixGroupID(123)
+	fsGroup := int64(123)
 	pod.Spec.SecurityContext.FSGroup = &fsGroup
 	msg := fmt.Sprintf("emptydir 0644 on %v", formatMedium(medium))
@ -172,7 +171,7 @@ func doTestSubPathFSGroup(f *framework.Framework, image string, medium v1.Storag
 	pod.Spec.Containers[0].VolumeMounts[0].SubPath = subPath
-	fsGroup := types.UnixGroupID(123)
+	fsGroup := int64(123)
 	pod.Spec.SecurityContext.FSGroup = &fsGroup
 	msg := fmt.Sprintf("emptydir subpath on %v", formatMedium(medium))
@ -198,7 +197,7 @@ func doTestVolumeModeFSGroup(f *framework.Framework, image string, medium v1.Sto
 		fmt.Sprintf("--file_perm=%v", volumePath),
 	}
-	fsGroup := types.UnixGroupID(1001)
+	fsGroup := int64(1001)
 	pod.Spec.SecurityContext.FSGroup = &fsGroup
 	msg := fmt.Sprintf("emptydir volume type on %v", formatMedium(medium))
@ -224,7 +223,7 @@ func doTest0644FSGroup(f *framework.Framework, image string, medium v1.StorageMe
 		fmt.Sprintf("--file_perm=%v", filePath),
 	}
-	fsGroup := types.UnixGroupID(123)
+	fsGroup := int64(123)
 	pod.Spec.SecurityContext.FSGroup = &fsGroup
 	msg := fmt.Sprintf("emptydir 0644 on %v", formatMedium(medium))
--- a/test/e2e/common/projected.go
+++ b/test/e2e/common/projected.go
@ -29,7 +29,6 @@ import (
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 	"k8s.io/apimachinery/pkg/types"
 )
 var _ = framework.KubeDescribe("Projected", func() {
@ -47,8 +46,8 @@ var _ = framework.KubeDescribe("Projected", func() {
 	It("should be consumable from pods in volume as non-root with defaultMode and fsGroup set [Conformance] [Volume]", func() {
 		defaultMode := int32(0440) /* setting fsGroup sets mode to at least 440 */
-		fsGroup := types.UnixGroupID(1001)
+		fsGroup := int64(1001)
-		uid := types.UnixUserID(1000)
+		uid := int64(1000)
 		doProjectedSecretE2EWithoutMapping(f, &defaultMode, "projected-secret-test-"+string(uuid.NewUUID()), &fsGroup, &uid)
 	})
@ -834,8 +833,8 @@ var _ = framework.KubeDescribe("Projected", func() {
 	It("should provide podname as non-root with fsgroup [Feature:FSGroup] [Volume]", func() {
 		podName := "metadata-volume-" + string(uuid.NewUUID())
-		uid := types.UnixUserID(1001)
+		uid := int64(1001)
-		gid := types.UnixGroupID(1234)
+		gid := int64(1234)
 		pod := downwardAPIVolumePodForSimpleTest(podName, "/etc/podname")
 		pod.Spec.SecurityContext = &v1.PodSecurityContext{
 			RunAsUser: &uid,
@ -848,8 +847,8 @@ var _ = framework.KubeDescribe("Projected", func() {
 	It("should provide podname as non-root with fsgroup and defaultMode [Feature:FSGroup] [Volume]", func() {
 		podName := "metadata-volume-" + string(uuid.NewUUID())
-		uid := types.UnixUserID(1001)
+		uid := int64(1001)
-		gid := types.UnixGroupID(1234)
+		gid := int64(1234)
 		mode := int32(0440) /* setting fsGroup sets mode to at least 440 */
 		pod := projectedDownwardAPIVolumePodForModeTest(podName, "/etc/podname", &mode, nil)
 		pod.Spec.SecurityContext = &v1.PodSecurityContext{
@ -1025,7 +1024,7 @@ var _ = framework.KubeDescribe("Projected", func() {
 })
 func doProjectedSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32,
-	secretName string, fsGroup *types.UnixGroupID, uid *types.UnixUserID) {
+	secretName string, fsGroup *int64, uid *int64) {
 	var (
 		volumeName      = "projected-secret-volume"
 		volumeMountPath = "/etc/projected-secret-volume"
@ -1185,8 +1184,8 @@ func doProjectedSecretE2EWithMapping(f *framework.Framework, mode *int32) {
 }
 func doProjectedConfigMapE2EWithoutMappings(f *framework.Framework, uid, fsGroup int64, defaultMode *int32) {
-	userID := types.UnixUserID(uid)
+	userID := int64(uid)
-	groupID := types.UnixGroupID(fsGroup)
+	groupID := int64(fsGroup)
 	var (
 		name            = "projected-configmap-test-volume-" + string(uuid.NewUUID())
@ -1269,8 +1268,8 @@ func doProjectedConfigMapE2EWithoutMappings(f *framework.Framework, uid, fsGroup
 }
 func doProjectedConfigMapE2EWithMappings(f *framework.Framework, uid, fsGroup int64, itemMode *int32) {
-	userID := types.UnixUserID(uid)
+	userID := int64(uid)
-	groupID := types.UnixGroupID(fsGroup)
+	groupID := int64(fsGroup)
 	var (
 		name            = "projected-configmap-test-volume-map-" + string(uuid.NewUUID())
--- a/test/e2e/common/secrets.go
+++ b/test/e2e/common/secrets.go
@ -29,7 +29,6 @@ import (
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 	"k8s.io/apimachinery/pkg/types"
 )
 var _ = framework.KubeDescribe("Secrets", func() {
@ -46,8 +45,8 @@ var _ = framework.KubeDescribe("Secrets", func() {
 	It("should be consumable from pods in volume as non-root with defaultMode and fsGroup set [Conformance] [Volume]", func() {
 		defaultMode := int32(0440) /* setting fsGroup sets mode to at least 440 */
-		fsGroup := types.UnixGroupID(1001)
+		fsGroup := int64(1001)
-		uid := types.UnixUserID(1000)
+		uid := int64(1000)
 		doSecretE2EWithoutMapping(f, &defaultMode, "secret-test-"+string(uuid.NewUUID()), &fsGroup, &uid)
 	})
@ -455,7 +454,7 @@ func secretForTest(namespace, name string) *v1.Secret {
 }
 func doSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32, secretName string,
-	fsGroup *types.UnixGroupID, uid *types.UnixUserID) {
+	fsGroup *int64, uid *int64) {
 	var (
 		volumeName      = "secret-volume"
 		volumeMountPath = "/etc/secret-volume"
--- a/test/e2e/framework/volume_util.go
+++ b/test/e2e/framework/volume_util.go
@ -46,7 +46,6 @@ import (
 	apierrs "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/kubernetes/pkg/api/v1"
 	"k8s.io/kubernetes/pkg/client/clientset_generated/clientset"
@ -243,7 +242,7 @@ func VolumeTestCleanup(f *Framework, config VolumeTestConfig) {
 // and check that the pod sees expected data, e.g. from the server pod.
 // Multiple VolumeTests can be specified to mount multiple volumes to a single
 // pod.
-func TestVolumeClient(client clientset.Interface, config VolumeTestConfig, fsGroup *types.UnixGroupID, tests []VolumeTest) {
+func TestVolumeClient(client clientset.Interface, config VolumeTestConfig, fsGroup *int64, tests []VolumeTest) {
 	By(fmt.Sprint("starting ", config.Prefix, " client"))
 	clientPod := &v1.Pod{
 		TypeMeta: metav1.TypeMeta{
--- a/test/e2e/security_context.go
+++ b/test/e2e/security_context.go
@ -26,7 +26,6 @@ import (
 	"fmt"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/uuid"
 	"k8s.io/kubernetes/pkg/api/v1"
 	"k8s.io/kubernetes/test/e2e/framework"
@ -66,14 +65,14 @@ var _ = framework.KubeDescribe("Security Context [Feature:SecurityContext]", fun
 	It("should support pod.Spec.SecurityContext.SupplementalGroups", func() {
 		pod := scTestPod(false, false)
 		pod.Spec.Containers[0].Command = []string{"id", "-G"}
-		pod.Spec.SecurityContext.SupplementalGroups = []types.UnixGroupID{1234, 5678}
+		pod.Spec.SecurityContext.SupplementalGroups = []int64{1234, 5678}
 		groups := []string{"1234", "5678"}
 		f.TestContainerOutput("pod.Spec.SecurityContext.SupplementalGroups", pod, 0, groups)
 	})
 	It("should support pod.Spec.SecurityContext.RunAsUser", func() {
 		pod := scTestPod(false, false)
-		userID := types.UnixUserID(1001)
+		userID := int64(1001)
 		pod.Spec.SecurityContext.RunAsUser = &userID
 		pod.Spec.Containers[0].Command = []string{"sh", "-c", "id -u"}
@ -84,8 +83,8 @@ var _ = framework.KubeDescribe("Security Context [Feature:SecurityContext]", fun
 	It("should support container.SecurityContext.RunAsUser", func() {
 		pod := scTestPod(false, false)
-		userID := types.UnixUserID(1001)
+		userID := int64(1001)
-		overrideUserID := types.UnixUserID(1002)
+		overrideUserID := int64(1002)
 		pod.Spec.SecurityContext.RunAsUser = &userID
 		pod.Spec.Containers[0].SecurityContext = new(v1.SecurityContext)
 		pod.Spec.Containers[0].SecurityContext.RunAsUser = &overrideUserID
--- a/test/e2e/storage/volumes.go
+++ b/test/e2e/storage/volumes.go
@ -264,7 +264,7 @@ var _ = framework.KubeDescribe("Volumes [Volume]", func() {
 					ExpectedContent: "Hello from iSCSI",
 				},
 			}
-			fsGroup := types.UnixGroupID(1234)
+			fsGroup := int64(1234)
 			framework.TestVolumeClient(cs, config, &fsGroup, tests)
 		})
 	})
@ -343,7 +343,7 @@ var _ = framework.KubeDescribe("Volumes [Volume]", func() {
 					ExpectedContent: "Hello from RBD",
 				},
 			}
-			fsGroup := types.UnixGroupID(1234)
+			fsGroup := int64(1234)
 			framework.TestVolumeClient(cs, config, &fsGroup, tests)
 		})
 	})
@ -496,7 +496,7 @@ var _ = framework.KubeDescribe("Volumes [Volume]", func() {
 			framework.InjectHtml(cs, config, tests[0].Volume, tests[0].ExpectedContent)
-			fsGroup := types.UnixGroupID(1234)
+			fsGroup := int64(1234)
 			framework.TestVolumeClient(cs, config, &fsGroup, tests)
 		})
 	})
@ -550,7 +550,7 @@ var _ = framework.KubeDescribe("Volumes [Volume]", func() {
 			framework.InjectHtml(cs, config, tests[0].Volume, tests[0].ExpectedContent)
-			fsGroup := types.UnixGroupID(1234)
+			fsGroup := int64(1234)
 			framework.TestVolumeClient(cs, config, &fsGroup, tests)
 		})
 	})
@ -682,7 +682,7 @@ var _ = framework.KubeDescribe("Volumes [Volume]", func() {
 			framework.InjectHtml(cs, config, tests[0].Volume, tests[0].ExpectedContent)
-			fsGroup := types.UnixGroupID(1234)
+			fsGroup := int64(1234)
 			framework.TestVolumeClient(cs, config, &fsGroup, tests)
 		})
 	})
@ -732,7 +732,7 @@ var _ = framework.KubeDescribe("Volumes [Volume]", func() {
 			framework.InjectHtml(cs, config, tests[0].Volume, tests[0].ExpectedContent)
-			fsGroup := types.UnixGroupID(1234)
+			fsGroup := int64(1234)
 			framework.TestVolumeClient(cs, config, &fsGroup, tests)
 		})
 	})
--- a/test/e2e_node/runtime_conformance_test.go
+++ b/test/e2e_node/runtime_conformance_test.go
@ -21,7 +21,6 @@ import (
 	"path"
 	"time"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/uuid"
 	"k8s.io/kubernetes/pkg/api/v1"
 	"k8s.io/kubernetes/pkg/kubelet/images"
@ -130,8 +129,8 @@ while true; do sleep 1; done
 				}
 			})
-			rootUser := types.UnixUserID(0)
+			rootUser := int64(0)
-			nonRootUser := types.UnixUserID(10000)
+			nonRootUser := int64(10000)
 			for _, testCase := range []struct {
 				name      string
 				container v1.Container