From f20d9c624de27a2a167f8efacd6e3e09f935c23a Mon Sep 17 00:00:00 2001
From: Reto Lehmann
Date: Fri, 1 Mar 2024 12:17:29 +0100
Subject: [PATCH] Drop uid and guid in 3scale-kourier-gateway (#127)
---
 config/300-gateway.yaml | 2 --
 openshift/patches/003-dropuid.patch | 13 +++++++++++++
 openshift/release/artifacts/net-kourier.yaml | 2 --
 3 files changed, 13 insertions(+), 4 deletions(-)
 create mode 100644 openshift/patches/003-dropuid.patch
diff --git a/config/300-gateway.yaml b/config/300-gateway.yaml
index 4a71d3eb7..6c9df8f9f 100644
--- a/config/300-gateway.yaml
+++ b/config/300-gateway.yaml
@@ -72,8 +72,6 @@ spec:
 allowPrivilegeEscalation: false
 readOnlyRootFilesystem: false
 runAsNonRoot: true
- runAsUser: 65534
- runAsGroup: 65534
 capabilities:
 drop:
 - ALL
diff --git a/openshift/patches/003-dropuid.patch b/openshift/patches/003-dropuid.patch
new file mode 100644
index 000000000..5b7d331f6
--- /dev/null
+++ b/openshift/patches/003-dropuid.patch
@@ -0,0 +1,13 @@
+diff --git a/config/300-gateway.yaml b/config/300-gateway.yaml
+index 4a71d3eb..6c9df8f9 100644
+--- a/config/300-gateway.yaml
++++ b/config/300-gateway.yaml
+@@ -72,8 +72,6 @@ spec:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: false
+ runAsNonRoot: true
+- runAsUser: 65534
+- runAsGroup: 65534
+ capabilities:
+ drop:
+ - ALL
diff --git a/openshift/release/artifacts/net-kourier.yaml b/openshift/release/artifacts/net-kourier.yaml
index 75fb69cfd..319131466 100644
--- a/openshift/release/artifacts/net-kourier.yaml
+++ b/openshift/release/artifacts/net-kourier.yaml
@@ -486,8 +486,6 @@ spec:
 allowPrivilegeEscalation: false
 readOnlyRootFilesystem: false
 runAsNonRoot: true
- runAsUser: 65534
- runAsGroup: 65534
 capabilities:
 drop:
 - ALL
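Review bot: With `runAsUser` and `runAsGroup` removed from the gateway container's `securityContext` in `config/300-gateway.yaml`, the manifest no longer pins the effective UID or GID; they now come from the image's `USER` or from whatever the platform's admission assigns (presumably the OpenShift SCC range, given the `openshift/patches/` directory). `runAsNonRoot: true` still rejects UID 0, but it does not constrain the group, and the kubelet cannot verify an image whose `USER` is a non-numeric name, so the pod would fail to start on such an image. I would record the intent beside the remaining fields, e.g. `# runAsUser/runAsGroup left unset on purpose: UID/GID are assigned by the platform; runAsNonRoot is still enforced`, and confirm that the gateway image declares a numeric non-root user for clusters without SCC. The same removal is repeated in `openshift/patches/003-dropuid.patch` and the `openshift/release/artifacts/net-kourier.yaml` artifact, and the `securityContext` block itself starts above the hunk.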