Merge pull request #51 from awels/remove_run_as_non_root

Run as user 1000, no need to be root.
kubevirt · Feb 14, 2020 · fc3a44f · fc3a44f
2 parents 6175e42 + f0e68a9
commit fc3a44f
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/deploy/operator.yaml b/deploy/operator.yaml
@@ -311,6 +311,9 @@ spec:
       labels:
         name: hostpath-provisioner-operator
     spec:
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
       serviceAccountName: hostpath-provisioner-operator
       containers:
         - name: hostpath-provisioner-operator

diff --git a/tools/helper/helper.go b/tools/helper/helper.go
@@ -46,6 +46,7 @@ func WithOperatorLabels(labels map[string]string) map[string]string {
 //CreateOperatorDeploymentSpec creates deployment
 func CreateOperatorDeploymentSpec(name, namespace, matchKey, matchValue, serviceAccount string, numReplicas int32) *appsv1.DeploymentSpec {
 	matchMap := map[string]string{matchKey: matchValue}
+	user := int64(1000)
 	spec := &appsv1.DeploymentSpec{
 		Replicas: &numReplicas,
 		Selector: &metav1.LabelSelector{
@@ -58,6 +59,7 @@ func CreateOperatorDeploymentSpec(name, namespace, matchKey, matchValue, service
 			Spec: corev1.PodSpec{
 				SecurityContext: &corev1.PodSecurityContext{
 					RunAsNonRoot: &[]bool{true}[0],
+					RunAsUser:    &user,
 				},
 			},
 		},