From 777c51df6eeefbb93cea2f262f5e5de049d80b3f Mon Sep 17 00:00:00 2001 From: "SCOTT A. EXTON" Date: Thu, 28 Oct 2021 10:01:43 +1000 Subject: [PATCH] Remove the default security context from the generated deployment descriptors. --- .../ibmsecurityverifyaccess_controller.go | 19 +------------------ 1 file changed, 1 insertion(+), 18 deletions(-) diff --git a/src/controllers/ibmsecurityverifyaccess_controller.go b/src/controllers/ibmsecurityverifyaccess_controller.go index bda256a..0260a2b 100644 --- a/src/controllers/ibmsecurityverifyaccess_controller.go +++ b/src/controllers/ibmsecurityverifyaccess_controller.go @@ -340,8 +340,6 @@ func (r *IBMSecurityVerifyAccessReconciler) createSecret( * We will pre-propulate: * - metadata * - spec.selector - * - template.spec.securityContext.runAsUser - * - template.spec.securityContext.runAsNonRoot * - template.spec.containers[0].name * - template.spec.containers[0].ports * - template.spec.containers[0].livenessProbe @@ -388,21 +386,6 @@ func (r *IBMSecurityVerifyAccessReconciler) deploymentForVerifyAccess( } falseVar := false - trueVar := true - - /* - * The security context to be used. - */ - - isvaUser := int64(6000) - securityContext := m.Spec.Container.SecurityContext - - if securityContext == nil { - securityContext = &corev1.SecurityContext { - RunAsNonRoot: &trueVar, - RunAsUser: &isvaUser, - } - } /* * The port which is exported by the deployment. @@ -579,7 +562,7 @@ func (r *IBMSecurityVerifyAccessReconciler) deploymentForVerifyAccess( Ports: ports, ReadinessProbe: readinessProbe, Resources: m.Spec.Container.Resources, - SecurityContext: securityContext, + SecurityContext: m.Spec.Container.SecurityContext, StartupProbe: startupProbe, VolumeDevices: m.Spec.Container.VolumeDevices, VolumeMounts: m.Spec.Container.VolumeMounts,